Connecting to the Vault with sshfs

Links :

Sshfs installation

Public key authentication (for automatic reconnection)

Init script that will automatically mount the vault

Important configuration file that will automatically keep the vault connection alive

Installing Samba (if you need it)

Program for automatically starting VirtualBox on Windows.

 

Sshfs installation:

We first need to install sshfs

apt-get install sshfs

 

Then we need to create the local alfa user. 

Create a file with the following in it (replace XXXXX with a password for the alfa user):

cat > alfa.cred

alfa:XXXXX:1001:1001::/home/alfa:/bin/bash

Hit Ctrl-d

Then run:

newusers -r alfa.cred

 

First try to ssh to the central vault host:

ssh alfa@alandfaraway.org

Type in the alfa user password for the central vault (ask IA or TA if you don't know it).

 

Switch to user alfa (local user):

su - alfa

Create the vault directory

mkdir vault

 

Switch back to root with a logout or ctrl-d.

 

Mount the vault (note you should do that only for testing as we have a better solution below that will automatically mount the vault when Linux starts):

sshfs alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect

Type the alfa user password for the central vault.

 

Switch again to user alfa and try to create a file:

su - alfa

cd vault

cd test

touch test

ls -l test

 

If everything is okay the output of ls should look like this:

-rw-r--r-- 1 alfa alfa 0 Jun 27 21:24 test

 

Public key authentication:

In order to allow automatic reconnection you must enable public key ssh authentication (i.e. connecting without typing the password):

On the game server Linux box, as the user alfa, type in:

ssh-keygen -t dsa

(then press return three times: default file name, no passphrase, confirm no passphrase)

 

Then copy the public key file over to the alandfaraway.org machine:

scp ~/.ssh/id_dsa.pub alandfaraway.org:gameserver.pub

(here replace gameserver with the acronym of your game server - e.g. whl)

 

Then connect to the alfa host:

ssh alandfaraway.org

(you'll still need to type the password here)

cat gameserver.pub >> .ssh/authorized_keys

(this will add the public key to the list of authorized keys)

exit

 

ssh alandfaraway.org

(this time you'll connect without needing to type the password).

 

In order for this to apply to the root user as well do the following:

Login as root using either:

sudo su -

or

su -

 

Create a .ssh directory if it doesn't exist:

mkdir ~/.ssh

Copy over the private key file:

cp /home/alfa/.ssh/id_dsa ~/.ssh/

And try to connect to the alfa vault:

ssh alfa@alandfaraway.org

(you should be able to connect without typing the password).
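A preflight check for the password-less login just set up, added here as an example (it is not part of the original page); the key path, the host and the use of GNU stat are assumptions. ssh silently refuses a private key that is readable by others and falls back to a password prompt, which at boot time nobody answers, so the check looks at the key mode first and only then at the login itself.

```shell
#!/bin/sh
# Added example, not from the page: verify that the key-based login the
# init script relies on really is non-interactive. Assumptions: key and
# host as in the page's steps, GNU stat for the mode check.

KEY=${KEY:-$HOME/.ssh/id_dsa}
VAULT_HOST=${VAULT_HOST:-alfa@alandfaraway.org}

# key_mode_ok FILE
# Returns 0 if FILE exists and no group/other permission bits are set
# (0600 or 0400); ssh rejects "too open" private keys and then prompts.
key_mode_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# batch_login_ok USER@HOST
# BatchMode makes ssh fail instead of asking for a password, which is
# exactly the behaviour the boot-time mount needs to be true.
batch_login_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 -i "$KEY" "$1" true \
        >/dev/null 2>&1
}

# preflight: prints the first problem found, or "ok".
preflight() {
    if ! key_mode_ok "$KEY"; then
        echo "private key $KEY is missing or readable by others (chmod 600)"
        return 1
    fi
    if ! batch_login_ok "$VAULT_HOST"; then
        echo "non-interactive login to $VAULT_HOST failed"
        return 1
    fi
    echo "ok"
}

# Run the check when invoked as a script (the function can also be
# sourced from the init script before do_start calls sshfs).
if [ "${0##*/}" = "vault-preflight.sh" ]; then
    preflight
fi
```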

 

Init script for automatically connecting to the vault when Linux starts:

Here is a script that will automatically connect the vault when the Linux VM starts:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          sshfs
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: sshfs alfa
# Description:       Automatically mounts the alfa vault using sshfs
### END INIT INFO

# Author: Patrice Torguet/Hialmar <torguet@gmail.com>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Automatically mounts the alfa vault using sshfs"
NAME=sshfs
DAEMON=/usr/bin/$NAME
DAEMON_ARGS="alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect,ssh_command=/usr/local/bin/alfa-sshfs-ssh"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
   # Return
   #   0 if daemon has been started
   #   1 if daemon was already running
   #   2 if daemon could not be started

   date >> /var/log/sshfs.log
   echo 'trying to umount' | tee -a /var/log/sshfs.log
   umount -l /home/alfa/vault || echo "umount failed with error code $?" | tee -a /var/log/sshfs.log
   echo 'cleaning mount point' | tee -a /var/log/sshfs.log
   [ -x "/home/alfa/vault_pbs" ] || mkdir /home/alfa/vault_pbs
   rmdir /home/alfa/vault || mv /home/alfa/vault "/home/alfa/vault_pbs/vault`date +-%Y-%m-%d-%Hh%Mm%Ss`"
   mkdir /home/alfa/vault && chmod a+rwx /home/alfa/vault
   echo 'calling sshfs' | tee -a /var/log/sshfs.log
   $DAEMON $DAEMON_ARGS || return 2
   date >> /var/log/sshfs.log
   echo 'sshfs done' | tee -a /var/log/sshfs.log
}

#
# Function that stops the daemon/service
#
do_stop()
{
   # Return
   #   0 if daemon has been stopped
   #   1 if daemon was already stopped
   #   2 if daemon could not be stopped
   #   other if a failure occurred
   echo 'umount' | tee -a /var/log/sshfs.log
   umount -l /home/alfa/vault || return 1
}

case "$1" in
  start)
   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
   do_start
   case "$?" in
      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   esac
   ;;
  stop)
   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
   do_stop
   case "$?" in
      0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   esac
   ;;
  status)
       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
       ;;
  restart|force-reload)
   #
   # If the "reload" option is implemented then remove the
   # 'force-reload' alias
   #
   log_daemon_msg "Restarting $DESC" "$NAME"
   do_stop
   case "$?" in
     0|1)
      do_start
      case "$?" in
         0) log_end_msg 0 ;;
         1) log_end_msg 1 ;; # Old process is still running
         *) log_end_msg 1 ;; # Failed to start
      esac
      ;;
     *)
        # Failed to stop
      log_end_msg 1
      ;;
   esac
   ;;
  *)
   echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
   exit 3
   ;;
esac

:

You have to put it in /etc/init.d (I have named it sshfs) and chmod it (chmod a+x sshfs).

Then type in:

update-rc.d -f sshfs defaults

This will add links in the rc.d directories.
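The status action of the init script reports on the sshfs process; the following added check (not part of the page's init script) reports on the mount itself, which is what matters once a hung SSH session has left the mount listed but unusable. The mountpoint is the one used above; the mounts-table argument and the script file name are assumptions, and the mounts table in the test is constructed.

```shell
#!/bin/sh
# Added example, not part of the page's init script: judge the alfa
# vault by the mount itself rather than by the sshfs process.
# The mounts table is a parameter so the functions can be exercised
# with constructed data; on a live system pass /proc/mounts.

VAULT_MP=/home/alfa/vault        # mountpoint used by the init script

# vault_mounted MOUNTS_FILE MOUNTPOINT
# /proc/mounts fields: source mountpoint fstype options dump pass.
# Returns 0 if MOUNTPOINT is listed with filesystem type fuse.sshfs.
vault_mounted() {
    awk -v mp="$2" '$2 == mp && $3 == "fuse.sshfs" { found = 1 }
                    END { exit found ? 0 : 1 }' "$1"
}

# vault_source MOUNTS_FILE MOUNTPOINT
# Prints the user@host:path behind the mount (nothing if not mounted).
vault_source() {
    awk -v mp="$2" '$2 == mp && $3 == "fuse.sshfs" { print $1 }' "$1"
}

# vault_responsive MOUNTPOINT
# A stale sshfs mount blocks on I/O instead of failing, so the listing
# gets 5 seconds where a timeout command is available.
vault_responsive() {
    if command -v timeout >/dev/null 2>&1; then
        timeout 5 ls "$1" >/dev/null 2>&1
    else
        ls "$1" >/dev/null 2>&1
    fi
}

# vault_status MOUNTS_FILE MOUNTPOINT
# Prints "not mounted", "mounted but stale" or "ok <source>".
vault_status() {
    if ! vault_mounted "$1" "$2"; then
        echo "not mounted"
    elif ! vault_responsive "$2"; then
        echo "mounted but stale"
    else
        echo "ok $(vault_source "$1" "$2")"
    fi
}

# Report on the live mount table when run as a script.
if [ "${0##*/}" = "vault-status.sh" ]; then
    vault_status /proc/mounts "$VAULT_MP"
fi
```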

 

Automatic keep alive of the vault connection:

This is a config file for ssh that makes ssh (and therefore sshfs) send a keep-alive message every 15 seconds, so that a dropped connection is noticed and the reconnect mount option can re-establish it.

This file should be called "config" and be in root's .ssh directory.

 

Host *
    ServerAliveInterval 15

Host alandfaraway.info
    User alfa
    IdentityFile ~/.ssh/id_dsa

Host alandfaraway.org
    User alfa
    IdentityFile ~/.ssh/id_dsa

 

 

SSH wrapper script for secure MySQL tunnel

The SSHFS connection is also used for connecting to MySQL securely. You must place the following contents in a file at /usr/local/bin/alfa-sshfs-ssh. That file is referenced by the sshfs init script (the ssh_command option in DAEMON_ARGS).

#!/bin/bash

# sshfs launches its ssh command with -oClearAllForwardings=yes, which would
# cancel the -L forward below; strip that option (the pattern needs extglob)
# and pass the remaining sshfs arguments on to the real ssh.
a=$@
shopt -s extglob
ssh -g -L 3306:127.0.0.1:3306 ${a//-oClearAllForward*([^ ])?( )}

Make the script executable after you have pasted it in:

chmod +x /usr/local/bin/alfa-sshfs-ssh

Note that -g makes the forwarded port 3306 listen on every interface of the Linux machine. If the Linux machine is directly connected to the Internet, specify the right interface for the port forward. Make sure to set up firewall rules for port 3306 inbound, too: it should NOT be allowed inbound from the Internet, just from the local LAN (or the Windows game server instance).
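A POSIX sh version of the wrapper that binds the forward to one chosen address instead of using -g, as an added example rather than the page's own script; ALFA_TUNNEL_BIND is an assumed variable, and the sshfs argument line used in the test is constructed.

```shell
#!/bin/sh
# Added example (not the page's own wrapper): the filtering done by
# /usr/local/bin/alfa-sshfs-ssh, rewritten for POSIX sh without extglob,
# with the MySQL forward bound to one address instead of ssh -g, which
# listens on every interface. Assumption: the LAN address to bind is
# passed in ALFA_TUNNEL_BIND; it defaults to loopback (host-only).

BIND_ADDR=${ALFA_TUNNEL_BIND:-127.0.0.1}

# tunnel_ssh_args SSHFS_ARGS...
# sshfs launches its ssh command with -oClearAllForwardings=yes, which
# would cancel the -L added here, so that option is dropped. Prints the
# resulting ssh argument list, one argument per line.
tunnel_ssh_args() {
    printf '%s\n' -L "$BIND_ADDR:3306:127.0.0.1:3306"
    for arg in "$@"; do
        case "$arg" in
            -oClearAllForwardings=*) ;;        # option added by sshfs
            *) printf '%s\n' "$arg" ;;
        esac
    done
}

# run_tunnel_ssh SSHFS_ARGS...
# Same filter, but rebuilding "$@" in place so each argument keeps its
# boundaries (a=$@ in the bash version re-splits on whitespace), then
# exec ssh with the forward prepended.
run_tunnel_ssh() {
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            -oClearAllForwardings=*) ;;
            *) set -- "$@" "$arg" ;;
        esac
        n=$((n - 1))
    done
    exec ssh -L "$BIND_ADDR:3306:127.0.0.1:3306" "$@"
}

# Act as the wrapper only when installed under that name; under any
# other name this file just defines the functions above.
case "$0" in
    alfa-sshfs-ssh|*/alfa-sshfs-ssh) run_tunnel_ssh "$@" ;;
esac
```

Installed as /usr/local/bin/alfa-sshfs-ssh it drops in for the bash wrapper above; set ALFA_TUNNEL_BIND in /etc/default/sshfs to the LAN address the Windows game server reaches.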

 

 

Samba install/configuration

If you need Samba to access the vault, continue; if you don't (Windows VM hosted on a Linux OS), you can stop here.

Samba install:

apt-get install samba

 

Modify the Samba configuration file so that in the authentication part (it starts with ####### Authentication #######) you have the following uncommented:

security = user

 

And in the home directory related part (it starts with [homes]) you should have:

read only = no

 

 After this you must do:

/etc/init.d/samba restart

 

On the Windows machine you should now be able to type this in a cmd.exe (net use needs the drive letter with its colon):

net use z: \\WindowsIP\alfa

 

VirtualBox auto start for Windows:

I have also managed to start the VirtualBox Linux VM using this:

http://vboxvmservice.sourceforge.net/