[GTALUG] SSH key on a USB stick

William Witteman wwitteman at gmail.com
Mon Mar 30 15:29:33 UTC 2015


It has been a little while since I had my key on my USB thumbdrive,
but if I recall correctly I had to copy it there manually, because SSH
doesn't trust it.  Once it is in place though, I was able to use it
without difficulty, even though the permissions were too loose.

To be fair, I was using the key with PuTTY on Windows, not on a UNIX
box, so that might be a problem.

On 30 March 2015 at 11:24, Giles Orr <gilesorr at gmail.com> wrote:
> I'd like to keep an SSH key on a USB stick rather than storing it
> locally on every machine I want to use the key on.  The theory is that
> this is "more secure" for laptops that could be stolen or lost, or
> used by others (i.e. at work).  The problem is that when I run "ssh-add
> /media/stick/my_dsa" ssh refuses to use the key because the security
> permissions are too liberal.  As you can probably guess, this is
> because the USB key is formatted as vfat and I'm trying to use the key
> on a Unix system - the problem was actually encountered on a Mac
> laptop, I'm assuming the behaviour would be the same with a Linux
> machine - even if it's not, I need a solution for the Mac.  vfat
> doesn't support per-user permissions, and so the stick is mounted such
> that all files have 777 perms.
>
> I did some research which told me there's no way to tell ssh to ignore
> the perms error.  I've seen a variety of solutions for this, but none
> are simple.  I don't want to make a local copy of the key every time I
> have to add it.  I don't want to have a separate ext4 partition on the
> key - not only is that awkward, but the ownership of the key is going
> to be a problem given that the UID of my user on the Mac won't be the
> same as it is on Linux machines (and may not even be the same on all
> my Linux machines, although I've tried to make that so).  Has anyone
> found an elegant/simple solution for this?
>
> --
> Giles
> http://www.gilesorr.com/
> gilesorr at gmail.com
> ---
> Talk Mailing List
> talk at gtalug.org
> http://gtalug.org/mailman/listinfo/talk
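
The permission check described in the quoted question, and a way to hand the key to ssh-agent without writing a local copy, as an added example that is not part of either post. It assumes an ssh-add that accepts `-` to read the key from standard input; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: load a private key from a vfat-mounted stick into ssh-agent.
# Assumption: this ssh-add accepts "-" as the file name and then reads the
# key from standard input, where there is no file mode for it to reject.

# Return 0 if any group/other permission bit is set on FILE. For a key file
# owned by the current user, that is the condition ssh-add refuses.
key_mode_too_open() {
    # ls -ld prints e.g. "-rwxrwxrwx"; characters 5-10 are the group and
    # other bits. cut drops any trailing "@", "+" or "." marker.
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ????------) return 1 ;;   # 0600 or 0400: acceptable to ssh-add
        *)          return 0 ;;   # vfat mounts typically show rwxrwxrwx
    esac
}

# Load KEY into the running agent for LIFETIME seconds (default 3600).
# The key material goes from the stick straight to the agent and is never
# written to the local disk; the agent forgets it when the lifetime expires.
load_key_from_stick() {
    key=$1
    lifetime=${2:-3600}
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 1; }
    if key_mode_too_open "$key"; then
        echo "mode too open on $key, loading via stdin" >&2
        ssh-add -t "$lifetime" - < "$key"
    else
        ssh-add -t "$lifetime" "$key"
    fi
}

# Usage, with the path from the question:
#   load_key_from_stick /media/stick/my_dsa 3600
```

Because vfat cannot restrict who reads the file, the passphrase on the key is the only protection it has while it sits on the stick.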
