matt68000
Level 1 (0 points)

Q: Disk image can mount from local terminal with "open" command but not via ssh

I have a disk image "backup_image.sparsebundle". If I go to the terminal on my machine and type "open backup_image.sparsebundle" the disk image mounts as expected. No problems. If I secure shell (ssh) log in from a remote Mac and execute the same "open backup_image.sparsebundle" a warning dialog pops up and states that "The following disk images couldn't be opened" followed by my disk name. This is incredibly odd because it used to work just fine. I didn't think there were any ACL differences between a local terminal shell and remote ssh. I mean a shell is a shell right? Or, it used to be and now it isn't? I'm not doing anything obviously incorrect (to me); I'm the same user locally and remotely, same path to disk image. This used to work fine before Mountain Lion.

 

Background: All of this started because I wrote a script that would ssh in to a remote machine, open the disk image on that remote machine, mount it across the network over afp and rsync. If I leave the disk image mounted on the remote machine, the script runs fine but if the image is close and I try to remotely open the image as I always did, it fails. The only thing that has changed in the system is, now, both machines are running Mountain Lion. Odd.

 

Suggestions?

MacBook Pro, OS X Mountain Lion (10.8.2)

Posted on Oct 28, 2012 1:48 AM

by matt68000,Solvedanswer
matt68000 matt68000
Level 1 (0 points)
A:

Storing the password for the remote disk image in the local keychain of the computer running the script (in to a variable), then passing it accross to the remote machine worked. I'm not sure why all of this changed moving from Lion to Mountain Lion but I suppose it is slightly more secure.

 

To programatically mount and sync a remote encrypted disk:

 

#!/bin/bash

 

if [ -n "`mount | grep ~/sync`" ]; then

  echo "Already mounted"

else

  pw=$(security -v find-generic-password -w -D "application password")

  ssh -o ConnectTimeout=1 user@xxx.xxx.xxx.xxx "echo $pw | hdiutil attach /Users/user/backup_image.sparsebundle"

  mkdir ~/sync

  mount_afp -s "afp://matdup01:Armbwan1@192.168.1.102/Disk Image" ~/sync

fi

 

if [ $? -eq 0 ]; then

  echo "Mount succeeded!"

else

  echo "Mount Failed"

  exit 0

fi

 

rsync -vrxtu --delete-before --exclude _* "/Volumes/Media/new Media/" ~/sync/new\ media/

 

umount ~/sync

rmdir ~/sync

exit

Posted on Oct 29, 2012 2:56 AM

Close
matt68000

Q: Disk image can mount from local terminal with "open" command but not via ssh

  • All replies
  • Helpful answers

  • by surogat70,

    surogat70 surogat70 Oct 28, 2012 11:53 AM in response to matt68000
    Level 2 (150 points)
    Oct 28, 2012 11:53 AM in response to matt68000

    Maybe this is the root of the problem? -> http://support.apple.com/kb/HT4700

  • by matt68000,

    matt68000 matt68000 Oct 28, 2012 12:51 PM in response to surogat70
    Level 1 (0 points)
    Oct 28, 2012 12:51 PM in response to surogat70

    That second paragraph in my original post is a bit of a distraction. The issue is not with AFP, that part works fine. The issue is with mounting the disk image with "open backup_image.sparsebundle". The DiskImageMounter.app launches as a result of that command whether I'm on a terminal session on the actual machine or secure shell. The difference is in a local session the disk image mounts but from a ssh session, it does not.

     

    I verified this without actually being remote just now. If I open a terminal session and then "ssh localhost" and secure shell in to my own machine and try to open the disk image, it fails in the same manner. DiskImageMounter.app does not like being executed from a ssh session.

     

    [user:~] user: who

    computer_name console  Oct 18 00:17

    computer_name ttys000  Oct 28 12:32       <---- ttys000 can open the disk image

    [user:~] user: ssh localhost

    Last login: Sun Oct 28 12:32:55 2012

    [user:~] user: who

    computer_name console  Oct 18 00:17

    computer_name ttys000  Oct 28 12:32       <---- ttys000 can open the disk image

    computer_name ttys001  Oct 28 12:33           (localhost)          <---- ttys001 can NOT open the disk image

    computer_name ttys002  Oct 28 12:35        <---- ttys002 can open the disk image

     

     

    I combed /private/var/log/eventmonitor and system.log but nothing appears (which is odd, system.log usually has too much info).

  • by surogat70,

    surogat70 surogat70 Oct 28, 2012 1:29 PM in response to matt68000
    Level 2 (150 points)
    Oct 28, 2012 1:29 PM in response to matt68000

    Have you every tried using hdiutil for the purpose of mounting images via command line?

  • by matt68000,

    matt68000 matt68000 Oct 29, 2012 2:28 AM in response to surogat70
    Level 1 (0 points)
    Oct 29, 2012 2:28 AM in response to surogat70

    Great idea but there is a wrinkle in the plan. My disk images are password protected (encrypted). Using the "open" causes DiskImageMounter.app to launch and, since the password is stored in the keychain and always approved, I never have to enter the password so long as the image is mounted on the correct machine. I prefer that layer of security even though it is arguably flawed. If I open with hdiutil, it asks for the password and my script to synchronize goes from being automated to requiring interaction to enter the password. -stdinpass could work but then I'd have to store the password clear text in the script. I'll see if I can sort something out with -recover or "secuirty".

     

    Odd that if I do "hdiutil attach backup_image.sparsebundle" on the local machine, it mounts without asking for the password but if I do it from a ssh session, it does ask.

     

    The same goes with if I try to programatically get the password from the keychain with:

    security find-generic-password -w -D "disk image password" -l backup_image.sparsebundle

     

    If I'm local, it spits out the password, no problem. If I ssh in, no luck.

     

    e.g.

    security find-generic-password -w -D "disk image password" -l backup_image.sparsebundle | hdiutil attach backup_image.sparsebundle

    This works locally just fine but again, hosed if I try it remotely

     

    I suppose the solution is to store the password in they keychain of the computer trying to issue the remote command, programatically retreive it from that keychain in to a script variable and send it through the network?

     

    Thanks for the idea though!

     

    Doh.

  • by matt68000,Solvedanswer

    matt68000 matt68000 Oct 29, 2012 2:56 AM in response to matt68000
    Level 1 (0 points)
    Oct 29, 2012 2:56 AM in response to matt68000

    Storing the password for the remote disk image in the local keychain of the computer running the script (in to a variable), then passing it accross to the remote machine worked. I'm not sure why all of this changed moving from Lion to Mountain Lion but I suppose it is slightly more secure.

     

    To programatically mount and sync a remote encrypted disk:

     

    #!/bin/bash

     

    if [ -n "`mount | grep ~/sync`" ]; then

      echo "Already mounted"

    else

      pw=$(security -v find-generic-password -w -D "application password")

      ssh -o ConnectTimeout=1 user@xxx.xxx.xxx.xxx "echo $pw | hdiutil attach /Users/user/backup_image.sparsebundle"

      mkdir ~/sync

      mount_afp -s "afp://matdup01:Armbwan1@192.168.1.102/Disk Image" ~/sync

    fi

     

    if [ $? -eq 0 ]; then

      echo "Mount succeeded!"

    else

      echo "Mount Failed"

      exit 0

    fi

     

    rsync -vrxtu --delete-before --exclude _* "/Volumes/Media/new Media/" ~/sync/new\ media/

     

    umount ~/sync

    rmdir ~/sync

    exit

  • by georgi0,

    georgi0 georgi0 Aug 13, 2013 3:53 AM in response to matt68000
    Level 1 (0 points)
    Aug 13, 2013 3:53 AM in response to matt68000

    Syntax Error:

    Screen Shot 2013-08-13 at 1.51.17 PM.png

     

    can you help?