Autossh is a nice way to keep a ssh connection alive. This is especially useful when it comes to ssh tunnels. To make things even more automagicial I have now written the init script template autossh_tunnel.foo.
A few import facts regarding the script:
- Autossh 1.4 or later is required. Earlier versions of autossh doesn’t handle PID-files.
- The init script is based on the start-stop-daemon. Hence it will probably only work on Debian, Ubuntu and similar systems.
- There is no way to enter a password. A setup based on ssh-keys or similar is required.
- Autossh doesn’t handle every kind of ssh problem. Because of that it is possible for the initial connection to fail without the init script knowing about it.
This is by the way my first real init script. Any feedback on it would be greatly appreciated.
Inspired by the Ubuntu project Encrypted Private Directory I decided to set something similar up on my Eee PC. Being a regular FUSE user I based my solution on EncFs and pam-encfs.
First of all we create our folders. These commands should be run as your normal user. The password you give EncFs has to be the same as the one you use to login.
$ mkdir /home/U/.private /home/U/private
$ chmod 700 /home/U/.private /home/U/private
$ encfs /home/U/.private /home/U/private
$ fusermount -u /home/U/private
(By the way, I’m assuming that the user is part of the fuse group, or has proper permissions to /dev/fuse by some other means.)
With your folders in order it’s time to instruct PAM on how to automaticly mount your private folder at login time. My /etc/pam.d/common-auth and /etc/security/pam_encfs.conf looks like this.
auth sufficient pam_encfs.so
auth required pam_unix.so nullok_secure use_first_pass
U /home/U/.private /home/U/private –public nonempty
Using –public will ensure proper file ownership; no matter if encfs is mounted by root (gdm/X) or by your normal user. You might have to restart gdm, sshd, etc before your new PAM settings take effect.
By now the folder /home/U/private/ will be mounted at login time. Everything you put in there will be encrypted into /home/U/.private/.
I guess I shold mention that my Eee is a DebianEee. I have no idea how well this will work on the default Xandros Eee installation.