QNAP [ SSHfs ] [ 2.8.0 ] Mount remote directories over ssh in user space

QoolBox

QNAP Representative
2 January 2014

Source : https://github.com/libfuse/sshfs

Download : http://www.qnapclub.eu/index.php?act=detail&qpkg_id=416

x86 version : www.qoolbox.fr/sshFS_2.8.0_x86.qpkg.zip
x64 version : www.qoolbox.fr/sshFS_2.8.0_x86_64.qpkg.zip
x19 version : www.qoolbox.fr/sshFS_2.8.0_arm-x19.qpkg.zip
x31 version : www.qoolbox.fr/sshFS_2.8.0_arm-x31.qpkg.zip
x41 version : www.qoolbox.fr/sshFS_2.8.0_arm-x41.qpkg.zip

Note :

sshfs command added automatically in NAS $PATH
Manageable over Web Interface

about :

This is a filesystem client based on the SSH File Transfer Protocol. Since most SSH servers already support this protocol it is very easy to set up: i.e. on the server side there's nothing to do. On the client side mounting the filesystem is as easy as logging into the server with ssh.

The idea of sshfs was taken from the SSHFS filesystem distributed with LUFS, which I found very useful. There were some limitations of that codebase, so I rewrote it. Features of this implementation are:

  • Based on FUSE (the best userspace filesystem framework for Linux ;)
  • Multithreading: more than one request can be on its way to the server
  • Allowing large reads (max 64k)
  • Caching directory contents
  • Reconnect on failure

How to mount a filesystem

Once sshfs is installed (see next section) running it is very simple:

Code:
sshfs hostname: mountpoint

Note that it's recommended to run it as user, not as root. For this to work the mountpoint must be owned by the user. If the username is different on the host you are connecting to, then use the "username@host:" form. If you need to enter a password sshfs will ask for it (actually it just runs ssh which asks for the password if needed). You can also specify a directory after the ":". The default is the home directory.

Also many ssh options can be specified (see the manual pages for sftp(1) and ssh_config(5)), including the remote port number (-oport=PORT)

To unmount the filesystem:

Code:
fusermount -u mountpoint

usage command line :

Code:
usage: ./sshfs [user@]host:[dir] mountpoint [options]

general options:
    -o opt,[opt...]        mount options
    -h   --help            print help
    -V   --version         print version

SSHFS options:
    -p PORT                equivalent to '-o port=PORT'
    -C                     equivalent to '-o compression=yes'
    -F ssh_configfile      specifies alternative ssh configuration file
    -1                     equivalent to '-o ssh_protocol=1'
    -o reconnect           reconnect to server
    -o delay_connect       delay connection to server
    -o sshfs_sync          synchronous writes
    -o no_readahead        synchronous reads (no speculative readahead)
    -o sync_readdir        synchronous readdir
    -o sshfs_debug         print some debugging information
    -o cache=BOOL          enable caching {yes,no} (default: yes)
    -o cache_max_size=N    sets the maximum size of the cache (default: 10000)
    -o cache_timeout=N     sets timeout for caches in seconds (default: 20)
    -o cache_X_timeout=N   sets timeout for {stat,dir,link} cache
    -o cache_clean_interval=N
                           sets the interval for automatic cleaning of the
                           cache (default: 60)
    -o cache_min_clean_interval=N
                           sets the interval for forced cleaning of the
                           cache if full (default: 5)
    -o workaround=LIST     colon separated list of workarounds
             none             no workarounds enabled
             all              all workarounds enabled
             [no]rename       fix renaming to existing file (default: off)
             [no]nodelaysrv   set nodelay tcp flag in sshd (default: off)
             [no]truncate     fix truncate for old servers (default: off)
             [no]buflimit     fix buffer fillup bug in server (default: on)
    -o idmap=TYPE          user/group ID mapping (default: none)
             none             no translation of the ID space
             user             only translate UID/GID of connecting user
             file             translate UIDs/GIDs contained in uidfile/gidfile
    -o uidfile=FILE        file containing username:remote_uid mappings
    -o gidfile=FILE        file containing groupname:remote_gid mappings
    -o nomap=TYPE          with idmap=file, how to handle missing mappings
             ignore           don't do any re-mapping
             error            return an error (default)
    -o ssh_command=CMD     execute CMD instead of 'ssh'
    -o ssh_protocol=N      ssh protocol to use (default: 2)
    -o sftp_server=SERV    path to sftp server or subsystem (default: sftp)
    -o directport=PORT     directly connect to PORT bypassing ssh
    -o slave               communicate over stdin and stdout bypassing network
    -o disable_hardlink    link(2) will return with errno set to ENOSYS
    -o transform_symlinks  transform absolute symlinks to relative
    -o follow_symlinks     follow symlinks on the server
    -o no_check_root       don't check for existence of 'dir' on server
    -o password_stdin      read password from stdin (only for pam_mount!)
    -o SSHOPT=VAL          ssh options (see man ssh_config)

FUSE options:
    -d   -o debug          enable debug output (implies -f)
    -f                     foreground operation
    -s                     disable multi-threaded operation

    -o allow_other         allow access to other users
    -o allow_root          allow access to root
    -o auto_unmount        auto unmount on process termination
    -o nonempty            allow mounts over non-empty file/dir
    -o default_permissions enable permission checking by kernel
    -o fsname=NAME         set filesystem name
    -o subtype=NAME        set filesystem type
    -o large_read          issue large read requests (2.4 only)
    -o max_read=N          set maximum size of read requests

    -o hard_remove         immediate removal (don't hide files)
    -o use_ino             let filesystem set inode numbers
    -o readdir_ino         try to fill in d_ino in readdir
    -o direct_io           use direct I/O
    -o kernel_cache        cache files in kernel
    -o [no]auto_cache      enable caching based on modification times (off)
    -o umask=M             set file permissions (octal)
    -o uid=N               set file owner
    -o gid=N               set file group
    -o entry_timeout=T     cache timeout for names (1.0s)
    -o negative_timeout=T  cache timeout for deleted names (0.0s)
    -o attr_timeout=T      cache timeout for attributes (1.0s)
    -o ac_attr_timeout=T   auto cache timeout for attributes (attr_timeout)
    -o noforget            never forget cached inodes
    -o remember=T          remember cached inodes for T seconds (0s)
    -o nopath              don't supply path if not necessary
    -o intr                allow requests to be interrupted
    -o intr_signal=NUM     signal to send on interrupt (10)
    -o modules=M1[:M2...]  names of modules to push onto filesystem stack

    -o max_write=N         set maximum size of write requests
    -o max_readahead=N     set maximum readahead
    -o max_background=N    set number of maximum background requests
    -o congestion_threshold=N  set kernel's congestion threshold
    -o async_read          perform reads asynchronously (default)
    -o sync_read           perform reads synchronously
    -o atomic_o_trunc      enable atomic open+truncate support
    -o big_writes          enable larger than 4kB writes
    -o no_remote_lock      disable remote file locking
    -o no_remote_flock     disable remote file locking (BSD)
    -o no_remote_posix_lock disable remove file locking (POSIX)
    -o [no_]splice_write   use splice to write to the fuse device
    -o [no_]splice_move    move data while splicing to the fuse device
    -o [no_]splice_read    use splice to read from the fuse device

Module options:

[subdir]
    -o subdir=DIR           prepend this directory to all paths (mandatory)
    -o [no]rellinks         transform absolute symlinks to relative

[iconv]
    -o from_code=CHARSET   original encoding of file names (default: UTF-8)
    -o to_code=CHARSET      new encoding of the file names (default: UTF-8)
 
Thanks for sharing, I'm testing it now, it could be useful. However ... the web page, although very convenient, asks for no authentication, which is a bit borderline given that it will contain paths and somewhat sensitive information about the remote server, and above all it allows adding commands at startup! Is there a way to improve that?
Otherwise I'll keep testing, thanks :)
 
Yes, I understand, you can't be perfect everywhere :mrgreen:
Still, as it stands I strongly advise against using it without adding at least a minimal Apache authentication rule or a filter elsewhere on /sshfs, because right now there is open access to root commands at boot that bypasses all the security measures put in place by QNAP.
 
Well, I found it, it's actually dead simple, I just tested it on MP3fs

thanks to: http://www.htaccesstools.com

I'll push an update as soon as possible, thanks Mikiya for the flaw ;)

I'll just need to add a PHP page to the interface so the .htpasswd file can be edited :mrgreen:
 
You're welcome, it's only normal to report it ;)
Yes, Apache authentication with .htaccess over https is already good, it won't leave a gaping hole like that :mrgreen: Especially since it isn't meant to be visited much, so there's no need for separate accounts and you can put a big password on it.
Thanks for the work!
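
The mitigation discussed in this thread (Apache Basic authentication via .htaccess, over https, with a .htpasswd file), sketched as an added example that is not part of the thread or of the QPKG. The function names, the realm name and every path are assumptions; it also assumes Apache honours AuthConfig overrides for the directory and has mod_ssl loaded.

```shell
#!/bin/sh
# Added example, not part of the QPKG. All paths are placeholders (assumptions).

# write_htaccess DIR PWFILE
# Write a .htaccess into DIR that requires HTTPS plus a Basic-auth login.
# Needs AllowOverride AuthConfig for DIR and mod_ssl for SSLRequireSSL.
write_htaccess() {
    dir=$1
    pwfile=$2
    cat > "$dir/.htaccess" <<EOF
SSLRequireSSL
AuthType Basic
AuthName "sshfs admin"
AuthUserFile $pwfile
Require valid-user
EOF
}

# audit_htaccess DIR
# Return 0 only if DIR/.htaccess carries every directive above and the
# password file is not stored inside the served directory itself.
audit_htaccess() {
    dir=$1
    f=$dir/.htaccess
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    rc=0
    for directive in 'SSLRequireSSL' 'AuthType Basic' 'AuthUserFile ' 'Require valid-user'; do
        grep -q "^[[:space:]]*$directive" "$f" || { echo "no '$directive' in $f"; rc=1; }
    done
    pw=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]*//p' "$f" | head -n 1)
    case $pw in
        "$dir"/*) echo "AuthUserFile is inside the web directory: $pw"; rc=1 ;;
    esac
    return $rc
}

# http_status URL
# Print the status code of an unauthenticated request; 401 is expected
# once the rule is active (-k assumes the NAS uses a self-signed certificate).
http_status() {
    curl -sk -o /dev/null -w '%{http_code}' "$1"
}
```

Typical use: run `write_htaccess` on the interface directory, create the password file with `htpasswd -c` at a location outside the web root, then confirm with `audit_htaccess` and `http_status`.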