Operating Systems 2017F: Tutorial 8

From Soma-notes

In this tutorial you will be learning about ssh (openssh) and sshfs, a network filesystem built on FUSE.

Setup

Install the openssh-server and sshfs packages:

sudo apt-get install openssh-server sshfs

Create a second user in the virtual machine named "other" (or any other name you wish to use):

sudo adduser other

(Answer the subsequent prompts however you wish, just remember the password.)

At this point you should be able to log in to the "other" account using ssh:

ssh other@localhost

You'll have to enter your password.

If you don't get a password prompt, password authentication has probably been disabled. (Password authentication has been disabled on the openstack VMs.) To enable it, do the following

 sudo nano /etc/ssh/sshd_config    (or vi, or emacs)

In the editor change the line "PasswordAuthentication no" to "PasswordAuthentication yes". Then, to restart sshd:

 sudo service sshd restart

Be sure to change it back after you've set up public key authentication!

Remote filesystems using sshfs

To mount the other user's files in a directory called "otherfiles", do the following (as user student, ubuntu, or your personal account):

mkdir otherfiles
sshfs other@localhost: otherfiles

To unmount the filesystem:

fusermount -u otherfiles

Public key authentication and ssh

Create a public key file for your account (as user student, ubuntu, or your personal account):

ssh-keygen

(Accept the default filename and choose at least a simple passphrase.)

You just created a certificate! (A certificate is just a public key with metadata.)

Copy the key to the other account:

cat ~/.ssh/id_rsa.pub >> authorized_keys
scp authorized_keys other@localhost:.
rm authorized_keys
ssh other@localhost
(as user other)
mkdir ~/.ssh (if it doesn't exist already)
chmod 700 ~/.ssh  (make it private)
mv ~/authorized_keys ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now you can log in to user other by typing in the passphrase you used to lock the key you generated.

To avoid entering this passphrase every time, you can give it to the authentication agent (generally, ssh-agent) that was started when you logged in:

 ssh-add

Note I expect the above to be a bit confusing. Do look around for resources on public key cryptography; however, you may find that playing around with ssh authentication may help you understand things better. In particular, try using "-v" (verbose) with ssh.

Tasks

  1. Look at the hard link counts of files locally and compare those to the link counts over sshfs. How do they compare?
  2. Can you access sshfs mounted files as root? (You can become root by typing "sudo su -".) What happens?
  3. Look at inode numbers in local and remote filesystems (as reported by ls -i). How do they compare?
  4. dd a large file to local drive. Do same thing over sshfs. Which is faster? (What is a large file in this context?)
  5. Can you sshfs to the SCS systems (e.g., access.scs.carleton.ca)?
  6. Setup password-less login to the SCS system (and then undo it).
  7. How can you use the mount command to unmount a sshfs-mounted filesystem (rather than fusermount)?
  8. Look at the questions in Assignment 4. What experiments can you do to help you answer those questions?