[GTALUG] SSH key on a USB stick

Giles Orr gilesorr at gmail.com
Mon Mar 30 15:24:57 UTC 2015


I'd like to keep an SSH key on a USB stick rather than storing it
locally on every machine I want to use the key on.  The theory is that
this is "more secure" for laptops that could be stolen or lost, or
used by others (ie. at work).  The problem is that when I run "ssh-add
/media/stick/my_dsa" ssh refuses to use the key because the security
permissions are too liberal.  As you can probably guess, this is
because the USB key is formatted as vfat and I'm trying to use the key
on a Unix system - the problem was actually encountered on a Mac
laptop, I'm assuming the behaviour would be the same with a Linux
machine - even if it's not, I need a solution for the Mac.  vfat
doesn't support per-user permissions, and so the stick is mounted such
that all files have 777 perms.

I did some research which told me there's no way to tell ssh to ignore
the perms error.  I've seen a variety of solutions for this, but none
are simple.  I don't want to make a local copy of the key every time I
have to add it.  I don't want to have a separate ext4 partition on the
key - not only is that awkward, but the ownership of the key is going
to be a problem given that the UID of my user on the Mac won't be the
same as it is on Linux machines (and may not even be the same on all
my Linux machines, although I've tried to make that so).  Has anyone
found an elegant/simple solution for this?

-- 
Giles
http://www.gilesorr.com/
gilesorr at gmail.com


More information about the talk mailing list