How do I specify the key file for sshfs?

Notice this option:

-o SSHOPT=VAL ssh options (see man ssh_config)

And if you look at man ssh_config, there is an option to set the path to your private key file, called IdentityFile, so you can do this:

sshfs -oIdentityFile=/abs/path/to/id_rsa server: path/to/mnt/point

The path to the identity file must be an absolute path.


In principle it works like this (as root, or use sudo):

sshfs -o default_permissions,nonempty,IdentityFile=/home/USER/.ssh/id_rsa SRVUSER@SERVER:PATH /mnt/mountpoint

Replace USER with the user who is in the authorized_keys file of the server, SERVER with the server name (or IP, like 192.168.0.11), SRVUSER with the user on the server (e.g. root, which is not recommended but possible and sometimes necessary; set up your /etc/ssh/sshd_config on the server correctly for this, i.e. directives PermitRootLogin and PasswordAuthentication). Also substitute /mnt/mountpoint accordingly.

The option -o nonempty allows mounting /mnt/mountpoint when this directory is not empty. I have to use this since I keep the file .unmounted in this directory to see if it is mounted or not, so if test -e /mnt/mountpoint/.unmounted returns successfully (i.e. file .unmounted exists in /mnt/mountpoint), it isn't mounted.

A real example:

  • server name "homeserver"
  • mount /home directory on the server
  • my mountpoint on the local system is /mnt/homeserver
  • user "steve" has the private key

ssh root@homeserver as user steve worked.

sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa root@homeserver:/home /mnt/homeserver (as root)

This didn't work, I got the error message: read: Connection reset by peer

Solution: Get more verbose output by adding -o debug.

# sshfs -o default_permissions,nonempty,IdentityFile=/home/steve/.ssh/id_rsa,debug root@homeserver:/home /mnt/homeserver
FUSE library version: 2.9.8
nullpath_ok: 0
nopath: 0
utime_omit_ok: 0
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStT0123
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
ECDSA host key for homeserver has changed and you have requested strict checking.
Host key verification failed.
read: Connection reset by peer

And suddenly it is a lot easier to fix. Because the sshd keys were re-created since the last session but /root/.ssh/known_hosts on the local system still has the old keys – it doesn't work. The solution, in my case, was simply to remove the line starting with homeserver from /root/.ssh/known_hosts using an editor (like nano). Now mounting with sshfs works. At the first mount the new key must be acknowledged:

# mount /mnt/homeserver
The authenticity of host 'homeserver (192.168.0.11)' can't be established.
ECDSA key fingerprint is SHA256:aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsS/1234.
Are you sure you want to continue connecting (yes/no)? yes

BTW, this is the line in /etc/fstab:

root@homeserver:/home  /mnt/homeserver  fuse.sshfs noauto,nonempty,default_permissions,IdentityFile=/home/steve/.ssh/id_rsa  0 0

So even if it is something else, try -o debug first. It will help tremendously to find the fault.
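
The stale-key fix above accepts whatever key the server offers on the next mount. As an added example (not part of the original answer), the functions below replace the known_hosts entry only when the offered key's fingerprint equals one obtained out-of-band. Assumptions: known_hosts is unhashed, the trusted fingerprint was read on the server console (for instance with ssh-keygen -lf on its host public key file), and the offered key type and blob come from ssh-keyscan output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes an unhashed
# known_hosts, where the stale line starts with the literal host name.

# fingerprint BLOB: print the fingerprint as OpenSSH shows it, i.e. "SHA256:"
# plus the unpadded base64 of the SHA-256 digest of the decoded key blob.
fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    printf 'SHA256:'
    printf '%s\n' "$hex" | fold -w2 | while read -r byte; do
        printf "\\$(printf '%03o' "0x$byte")"    # hex pair -> raw byte
    done | base64 | tr -d '=\n'
    echo
}

# pin_host_key FILE HOST EXPECTED_FP KEYTYPE BLOB
# Replace HOST's entries in FILE with the offered key, but only when its
# fingerprint equals EXPECTED_FP. On mismatch FILE is left untouched.
pin_host_key() {
    file=$1 host=$2 expected=$3 keytype=$4 blob=$5
    actual=$(fingerprint "$blob")
    if [ "$actual" != "$expected" ]; then
        echo "refusing $host: offered $actual, expected $expected" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Keep every line whose first field (comma-separated names) lacks HOST.
    awk -v h="$host" '{
        n = split($1, names, ",")
        for (i = 1; i <= n; i++) if (names[i] == h) next
        print
    }' "$file" > "$tmp"
    printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$tmp"
    cat "$tmp" > "$file"    # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Demo on constructed data (not real keys): a stale entry and a verified offer.
demo() {
    kh=$(mktemp)
    old=$(printf 'constructed-old-key' | base64)
    new=$(printf 'constructed-new-key' | base64)
    printf 'homeserver ecdsa-sha2-nistp256 %s\n' "$old" > "$kh"
    trusted=$(fingerprint "$new")   # stands in for the value read on the server
    pin_host_key "$kh" homeserver "$trusted" ecdsa-sha2-nistp256 "$new"
    cat "$kh"; rm -f "$kh"
}
```

With HashKnownHosts enabled the host names in the file are hashed and the awk match will not find them; ssh-keygen -R removes such entries.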
