Mount a network (netatalk) AFP volume using a public key instead of an SSH login password?

Solution 1:

I don't think this is possible (authentication with an OpenSSL cert), based on the Linux man page and the Apple tech documentation listing out authentication methods.

If your Linux sysadmin wants to use passwordless auth, then you're limited to setting up Kerberos.

Alternatively, you could do something like set up an SSH tunnel to connect to the server, send your AFP traffic through it, and just have the server listen on localhost, limited to accepting local requests. It's still not secure, and still using password-based auth, but it's limiting that traffic to within the machine itself. Traffic out on the wire is SSH encrypted, and authed using your cert.

You can start an SSH tunnel as follows:

ssh -f -N -L 10548:[yourserver]:548 [user@yourserver] -i [path/to/your/ssh/key]

This will start an SSH tunnel in the background, tunneling from port 10548 on your local machine to port 548 on the server.

Then in macOS, in Finder, use Connect to Server and connect to: afp://127.0.0.1:10548

Or, use something like FUSE and sshfs (not AFP, but it's trivial to set up).
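A hardened wrapper around the tunnel described in the answer above, added here as an example and not the answerer's own script. The host, user, key path and control-socket path are assumed placeholders; the forward targets 127.0.0.1:548 on the server so it keeps working once netatalk is bound to loopback only, and a control socket lets you check and stop the tunnel by name.

```shell
#!/bin/sh
# Added example (not from the original answer). All values below are
# assumptions; override them in the environment. Paths are assumed to
# contain no spaces, since tunnel_start evals the composed command.
AFP_HOST="${AFP_HOST:-yourserver.example}"
AFP_USER="${AFP_USER:-user}"
AFP_KEY="${AFP_KEY:-$HOME/.ssh/id_ed25519}"
LOCAL_PORT="${LOCAL_PORT:-10548}"
CTL_SOCK="${CTL_SOCK:-$HOME/.ssh/afp-tunnel.ctl}"

# Compose the ssh command. Compared with the bare one-liner:
#  - the local listener is bound explicitly to 127.0.0.1;
#  - the remote end is 127.0.0.1:548, not the server's public address,
#    so it works when netatalk listens on loopback only;
#  - ExitOnForwardFailure=yes makes ssh fail instead of backgrounding
#    with no forward (e.g. when the local port is already taken);
#  - IdentitiesOnly=yes offers only the named key, not every agent key;
#  - -M/-S create a control socket for check/stop below.
tunnel_cmd() {
  printf 'ssh -f -N -M -S %s -o ExitOnForwardFailure=yes -o IdentitiesOnly=yes -i %s -L 127.0.0.1:%s:127.0.0.1:548 %s@%s' \
    "$CTL_SOCK" "$AFP_KEY" "$LOCAL_PORT" "$AFP_USER" "$AFP_HOST"
}

tunnel_start() { eval "$(tunnel_cmd)"; }

# Exit status 0 when the master connection is alive.
tunnel_check() { ssh -S "$CTL_SOCK" -O check "$AFP_USER@$AFP_HOST" >/dev/null 2>&1; }

tunnel_stop() { ssh -S "$CTL_SOCK" -O exit "$AFP_USER@$AFP_HOST"; }

# Confirm the forward is listening on loopback only (ss on Linux, lsof on macOS).
local_listener_ok() {
  if command -v ss >/dev/null 2>&1; then
    ss -ltn | grep -q "127\.0\.0\.1:$LOCAL_PORT "
  else
    lsof -nP -iTCP:"$LOCAL_PORT" -sTCP:LISTEN | grep -q '127\.0\.0\.1'
  fi
}

case "${1:-}" in
  start) tunnel_start && local_listener_ok && echo "connect to afp://127.0.0.1:$LOCAL_PORT" ;;
  check) tunnel_check && echo "tunnel up" ;;
  stop)  tunnel_stop ;;
esac
```

Run it as `sh afp-tunnel.sh start`, then point Finder at afp://127.0.0.1:10548; `stop` tears the tunnel down without hunting for the background ssh process.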