sshfs through a firewall and ssh_config

Help
2003-06-08
2003-06-14
  • I use ssh to tunnel through a firewall to a number of hosts.
    To make things easier, I use my personal ssh_config file to
    set up stanzas which map the host name to local ports, e.g.

    Host FirstHost
      HostName localhost
      Port 10022
      UserKnownHostsFile /home/weinberg/.ssh/FirstHost

    Host SecondHost
      HostName localhost
      Port 10023
      UserKnownHostsFile /home/weinberg/.ssh/SecondHost

    where the UserKnownHostsFile contains the key for each host.

    Once I set up a tunnel for each host for port 21 through the
    firewall, then I can "ssh FirstHost" or "ssh SecondHost".

    Ok, so my question is how to make this work smoothly with
    lufs.  For example, is there a way of getting sshfs to use my
    ssh_config file?

     
    • Florin Malita
      2003-06-08

      if you can simply run "ssh FirstHost" then it should work with lufs too, because this is pretty much what lufs does.

      do you have any reason to believe it doesn't work?

       
      • Hi,

        Here is a patch that fixes my problem.  It uses the
        user's ssh config file if it exists and goes with the original
        port specification otherwise.

        --- sftplib.cpp Sat Jun 14 14:01:47 2003
        +++ sftplib.cpp.orig    Sat Jun 14 14:01:01 2003
        @@ -167,12 +167,11 @@
         
             struct stat f_stat;
             string config = string(getenv("HOME")) + "/.ssh/config";
        -                               // Check for existence of ssh config directory
             if (std::stat(config.c_str(), &f_stat) == 0) {
               config = string("-F") + config;
               args[6] = (char*)config.c_str();
             }
        -    else                       // Otherwise use default ssh port
        +    else
               args[6] = portstr;
         
             args[7] = (char*)usr.c_str();
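
        Review bot: The file headers are reversed: `--- sftplib.cpp` is the old side and `+++ sftplib.cpp.orig` the new side, so the only `-`/`+` lines in this hunk drop the two comments, while the `~/.ssh/config` check appears purely as unchanged context. Applied as posted it would not add the fix; regenerate it with the original file first (`diff -u sftplib.cpp.orig sftplib.cpp`).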

        ========================================
        On a separate issue, I notice that version 0.9.6 misgenerates
        the shared library names on install unless I reconfigure the
        package with autoconf, etc. again.  This was not the case for
        0.9.5.  I am using Debian/GNU Linux woody.

         
    • Yes, that was the first thing I tried.  In debug I found:

      [46d3](connect)args[0]=/usr/bin/ssh
      [46d3](connect)args[1]=-oFallBackToRsh no
      [46d3](connect)args[2]=-oForwardX11 no
      [46d3](connect)args[3]=-oForwardAgent no
      [46d3](connect)args[4]=-oClearAllForwardings yes
      [46d3](connect)args[5]=-oProtocol 2
      [46d3](connect)args[6]=-p22
      [46d3](connect)args[7]=-lweinberg
      [46d3](connect)args[8]=-s
      [46d3](connect)args[9]=FirstHost
      [46d3](connect)args[a]=sftp

      I'm guessing that the command line parameters are taking
      precedence over the stuff in ~/.ssh/config.  If there is an easy
      way to change this, I'll test it.

      If I explicitly specify "weinberg@localhost:10022", lufsmount
      works fine, but of course, I get a localhost entry in
      ~/.ssh/known_hosts that gets in the way of any other attempts
      to lufsmount other hosts (without first deleting the entry).

      I realize that this is a sort of convoluted set up . . . but I can't
      think of a better way to organize ssh tunneling.
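
Options given on the ssh command line override the same settings in ~/.ssh/config, which is why the hard-coded -p22 in the debug output above hides the Port 10022 of the Host stanza. The sketch below is an added example, not lufs code and not the patch from this thread: it emits -p only when the caller actually supplied a port. The names build_ssh_argv, has_arg_prefix and to_exec_argv, and the convention that port 0 means "not given", are assumptions made for the illustration.

```cpp
// Added example, not lufs code: build_ssh_argv and its helpers are hypothetical.
#include <iostream>
#include <string>
#include <vector>

// Build the argv for the ssh child. port == 0 means "no port given by the
// caller": no -p is emitted, so the Port line of the matching Host stanza in
// ~/.ssh/config applies instead of being overridden from the command line.
std::vector<std::string> build_ssh_argv(const std::string& host,
                                        const std::string& user, int port) {
    // Fixed options copied from the debug output in the post above.
    std::vector<std::string> argv = {
        "/usr/bin/ssh", "-oFallBackToRsh no", "-oForwardX11 no",
        "-oForwardAgent no", "-oClearAllForwardings yes", "-oProtocol 2"};
    if (port > 0 && port <= 65535)
        argv.push_back("-p" + std::to_string(port));
    if (!user.empty())
        argv.push_back("-l" + user);
    argv.push_back("-s");
    argv.push_back(host);
    argv.push_back("sftp");
    return argv;
}

// True if any argument starts with the given prefix (e.g. "-p").
bool has_arg_prefix(const std::vector<std::string>& argv, const std::string& prefix) {
    for (const std::string& a : argv)
        if (a.compare(0, prefix.size(), prefix) == 0) return true;
    return false;
}

// NULL-terminated pointer array for execv(); the pointers stay valid only
// while `args` is alive and unmodified.
std::vector<char*> to_exec_argv(std::vector<std::string>& args) {
    std::vector<char*> out;
    for (std::string& s : args) out.push_back(&s[0]);
    out.push_back(nullptr);
    return out;
}

int main() {
    // Constructed inputs: a config alias with no port, then an explicit port.
    for (int port : {0, 10022}) {
        std::vector<std::string> argv = build_ssh_argv("FirstHost", "weinberg", port);
        for (const std::string& a : argv) std::cout << a << '\n';
        std::cout << "explicit -p: " << has_arg_prefix(argv, "-p") << "\n\n";
    }
    return 0;
}
```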

       
    • Apologies, I sent you a bad patch, this is the correct one:

      --- sftplib.cpp Sat Mar  8 05:47:06 2003
      +++ sftplib.cpp.new     Sat Jun 14 14:11:00 2003
      @@ -165,7 +165,16 @@
           string usr = string("-l") + user;
           sprintf(portstr, "-p%d", port);
       
      -    args[6] = portstr;
      +    struct stat f_stat;
      +    string config = string(getenv("HOME")) + "/.ssh/config";
      +                               // Check for existence of ssh config directory
      +    if (std::stat(config.c_str(), &f_stat) == 0) {
      +      config = string("-F") + config;
      +      args[6] = (char*)config.c_str();
      +    }
      +    else                       // Otherwise use default ssh port
      +      args[6] = portstr;
      +
           args[7] = (char*)usr.c_str();
           args[9] = host;
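
      Review bot: In the added `if` branch, `args[6]` is overwritten with `-F<config>` in place of `portstr`, so a port the caller asked for is silently dropped whenever `~/.ssh/config` exists, even when no Host stanza in that file supplies a Port. Keep `-p` when a port was given explicitly and omit it only when none was. Also check the result of `getenv("HOME")` before building the `string`, since it can be NULL, and correct the comment, which says "directory" for what is a file.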