[TriLUG] USB keychains and private keys

Brian Weaver brianweaver at nc.rr.com
Sat Jul 17 01:00:41 EDT 2004


I use a USB keychain to store my OpenSSH keys that I use on Linux and my
Mac. SSH always gripes about the damn file permissions so I just created
a shell function to take care of the problem for me. I don't have it on
hand, but it's something like:

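sshforceadd() {
	local rc=1
	local file="$1"
	if [ -n "$file" ] && [ -f "$file" ] ; then
		local bn tmp
		bn=$(basename "$file")
		# mktemp creates a new file with mode 0600 and an unpredictable
		# name, so a file or symlink planted in /var/tmp under the key's
		# name is never written through
		tmp=$(mktemp "/var/tmp/$bn.XXXXXX") || return 1
		cat "$file" > "$tmp"
		ssh-add "$tmp" ; rc=$?
		rm -f "$tmp"
	fi
	return $rc
}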

This way I don't have to worry about the mount permissions.

-Weave
		

Joseph Mack NA3T [jmack at wm7d.net] wrote on Thu, Jul 15, 2004 at 03:57:39AM -0700:
> I was thinking of getting a USB keychain flashcard to store (among other
> things) my private key(s). However ssh requires that your private key be
> 400. I assume the USB keychains are vfat, in which case you can only set
> the permissions to 444, and ssh won't accept the private key (tested on a
> vfat floppy).
> 
> Presumably I could put an ext3 file system on there, but then I won't be
> able to use the device to transfer files to a windows machine (which
> admittedly I don't do a whole lot, but would be useful to be able to do).
> 
> I understand that you're not supposed to reformat these devices a whole
> lot, and that you should use cramfs if you're going to reformat them.
> 
> Do people store their private keys on these USB keychains?
> 
> Can someone straighten me out?
> 
> Thanks Joe
> 
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
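
An added example, not part of the original thread: the permission test that makes OpenSSH refuse a mode-444 key on a vfat mount (any group or other bits set), plus a loader that feeds such a key to ssh-add on standard input so that no copy is written to disk. It assumes the installed ssh-add accepts "-" as the key file name; the function names and the SSH_ADD override are hypothetical.

```shell
# Added example (not from the thread). Assumption: the installed ssh-add
# accepts "-" as the key file name and reads the key from standard input.
# SSH_ADD is a hypothetical override, used only to substitute a stub.

# key_perms_ok FILE
#   0 = no group/other permission bits (ssh would accept the file)
#   1 = group/other bits set (e.g. 444 on a vfat mount)
#   2 = FILE is not a regular file or cannot be examined
key_perms_ok() {
	[ -f "$1" ] || return 2
	# GNU stat (Linux) first, BSD stat (macOS) as fallback
	kp_mode=$(stat -c '%a' "$1" 2>/dev/null ||
		stat -f '%Lp' "$1" 2>/dev/null) || return 2
	# Leading 0 makes the shell read the mode as octal; 077 = group+other
	if [ $(( 0$kp_mode & 077 )) -eq 0 ]; then
		return 0
	fi
	return 1
}

# load_key FILE
#   Adds FILE to the agent. A key with acceptable permissions is passed
#   by path; a key with loose permissions is streamed on stdin, so no
#   temporary copy ever exists on disk.
load_key() {
	if key_perms_ok "$1"; then
		"${SSH_ADD:-ssh-add}" "$1"
	elif [ -f "$1" ]; then
		"${SSH_ADD:-ssh-add}" - < "$1"
	else
		echo "load_key: not a regular file: $1" >&2
		return 2
	fi
}
```
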