
Re: public key authentication client both on windows and linux

Subject: Re: public key authentication client both on windows and linux
Date: Tue, 01 Nov 2005 18:04:22 +0100

Well, the problem is I'm not always at places I can predict. On holiday
for instance, I need to be able to access the machines in case of
emergency, and also at other people's places. NTFS is therefore also not
an option, since I can't predict if I won't be sitting at a windows 98
machine.
But I indeed made 2 partitions already, one FAT with only a putty .ppk
private key which was generated from an openssh private key.
The other partition on my memorystick is indeed ext2, but not with 600
permissions, since that would give a problem on a linux machine where I
can't control the uid that owns the id_dsa file. But I probably won't
use the ext2 partition often since the linux machines I use are machines
I use regularly and for those machines I generated keys for that
specific client with 600 permissions. I only may want to use the ext2
partition from a knoppix booted machine or something.
Putty can use a key without checking the permissions of the key, so for
windows the problem is solved. For linux I can set the permissions of
the files on the ext2 partition of the USB stick when I want to use the
key, so OpenSSH will also accept it.

What I'm wondering though, is why is it so important to have 600
permissions on a private key if the key is protected well by a
passphrase (not guessable from a dictionary and longer than 15
characters). I agree you would want to have a standard behaviour of
rejecting keys which are publicly readable, but being able to override
that behaviour would be good, for instance for specific users, or only
if the private key is protected by a passphrase or something. It kinda
looks like windows where decisions are made for you instead of giving
people the possibility to think for themselves. I appreciate it very
much that OpenSSH is made fool proof as much as possible, but on the
other hand, not everybody is always a fool (everybody is sometimes
though :).
Well, thanks for all the help. I appreciate it! And thanks for OpenSSH,
I couldn't live without it! :) People will always have something to
complain about, but it's great!

Dolf Andringa.

Alexander Klimov wrote:
> On Sun, 30 Oct 2005, Dolf Andringa wrote:
>
> > I'm using public key authentication to access some servers through ssh.
> > I put my private key on a usb memory stick cause I need to access the
> > servers from different locations (when on holiday, from my home, from my
> > office, etc). I've password protected the private key with a very long
> > passphrase which is virtually unguessable. To be able to access the
> > private key from multiple OS'es, the fs of the memorystick is fat16.
> > Fat16 does not support any rights on files, so mounted on linux, all
> > files have 0755 permissions.
>
> It is possible to mount your drive with 0600:
>  man mount
> search for fat and read about uid, gid, umask, dmask, and fmask
>
> Btw, why don't you simply copy your key to each of your workstations
> and change permissions?

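The mount-option approach suggested in the quoted reply, as an added example that is not part of the original thread: it derives the vfat `fmask`/`dmask` values that make every file on the stick appear as 0600, and repeats the ownership-and-mode test OpenSSH applies to a private key file. The device `/dev/sdX1`, the mount point `/mnt/usbkey` and the function names are placeholders chosen for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Names and paths are hypothetical.

# FAT stores no per-file permissions, so the kernel synthesises them from
# mount options. fmask/dmask list the bits to REMOVE from 0777.
mask_for_mode() {
    # $1: wanted octal mode without leading zero, e.g. 600 -> prints 0177
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# Build the -o string: all files owned by uid/gid, files and directories
# shown with the requested modes.
vfat_mount_opts() {
    # $1 uid, $2 gid, $3 file mode, $4 directory mode
    printf 'uid=%s,gid=%s,fmask=%s,dmask=%s\n' \
        "$1" "$2" "$(mask_for_mode "$3")" "$(mask_for_mode "$4")"
}

# Same test OpenSSH performs before loading a private key: a key owned by
# the calling user is refused when any group/other bit is set; a key owned
# by someone else is not checked.
key_perm_ok() {
    # $1: path to the private key; returns 0 if ssh would accept the mode
    owner=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    [ "$owner" -eq "$(id -u)" ] || return 0
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print (do not run) the mount command for the current user.
# /dev/sdX1 and /mnt/usbkey are placeholders.
echo "mount -t vfat -o $(vfat_mount_opts "$(id -u)" "$(id -g)" 600 700) /dev/sdX1 /mnt/usbkey"
```

The masks apply to the whole volume, so every file on the FAT partition appears with the same mode and owner while it is mounted this way.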