Probably you all have seen that NixOS supports autofs.
autofs mounts a filesystem when you access /auto/dir and umounts it
automatically for you.
You can also use fuse mounts such as sshfs.
I googled a bit and all I could find was "use keys without passphrase".
No way!
Instead I wrote this sshfs wrapper script:
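
    #!/bin/sh
    # load SSH_AUTH_SOCK / SSH_AGENT_PID written by keychain
    # (portable redirection: under a POSIX sh, "&>" would background the command)
    . ~marc/.keychain/nixos-sh > /dev/null 2>&1
    # add SSH and SSHFS in PATH:
    export PATH=/var/run/current-system/sw/bin:~marc/.nix-profile/bin
    exec sshfs "$@"

where nixos-sh contains ssh-agent output you set by eval `ssh-agent`.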
So this is much more secure and exactly what I'm looking for.
However writing this wrapper script is a bit of work and I'd like to commit
it to nixos. Using a .keychain/name-sh file which is written by
keychain is not an option then. But hey, we're root, aren't we?
So can't we just pgrep for ssh-agents and try them all?
It shouldn't be too hard to find the socket file either.
E.g. lsof does provide all information:

    # lsof | grep /tmp/ssh- | grep agent.
    ssh-agent 3814 marc 3u unix 0xffff8801ec1d5100 0t0 15440 /tmp/ssh-oIzuho3813/agent.3813

3814 is the pid and agent.3813 is the socket file.
Is it insane providing such a helper script?
Then you can configure fast access to many ssh locations:

    autoMaster = a:
      let
        map = pkgs.writeText "auto" ''
          linmarc -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536,uid=1008,gid=100 :${a.sshfs}\#m...@lin\:
        '';
      in ''
        /auto file:${map}
      '';

where a.sshfs is the script iterating over all ssh-agents. Usually you
have only one running anyway, don't you?
Marc Weber
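
An added example of the helper discussed above (not code from the original post or from NixOS): rather than trying every running agent as root, it parses default `lsof` output for ssh-agent sockets belonging to one named user and uses the first agent that lists a key. `AGENT_USER`, the function names and the use of GNU `stat -c` are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. AGENT_USER and both function
# names are assumptions; stat -c is the GNU coreutils form.
AGENT_USER="${AGENT_USER:-marc}"

# Read default lsof output on stdin and print "pid socket" for each unix
# socket held by an ssh-agent process that runs as user $1.
agent_sockets_for_user() {
    awk -v u="$1" '
        $1 == "ssh-agent" && $3 == u && $5 == "unix" {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^\/.*\/agent\.[0-9]+$/) { print $2, $i; break }
        }'
}

# Print the first socket that exists, is owned by user $1 and whose agent
# lists at least one key (ssh-add -l exits 0 only in that case).
pick_agent() {
    lsof -U 2>/dev/null | agent_sockets_for_user "$1" |
    while read -r _pid sock; do
        [ -S "$sock" ] || continue
        [ "$(stat -c %U "$sock")" = "$1" ] || continue
        if SSH_AUTH_SOCK="$sock" ssh-add -l </dev/null >/dev/null 2>&1; then
            printf '%s\n' "$sock"
            break
        fi
    done
}

# autofs always calls the mount helper with arguments; without any, the
# file only defines the functions above.
if [ "$#" -gt 0 ]; then
    PATH=/var/run/current-system/sw/bin:$PATH
    export PATH
    sock=$(pick_agent "$AGENT_USER")
    if [ -z "$sock" ]; then
        echo "no usable ssh-agent for $AGENT_USER" >&2
        exit 1
    fi
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
    exec sshfs "$@"
fi
```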