Well, the problem is I'm not always at places I can predict. On holiday for instance, I need to be able to access the machines in case of emergency, and also at other people's places. NTFS is therefore also not an option, since I can't predict if I won't be sitting at a windows 98 machine.

But I indeed made 2 partitions already, one FAT with only a putty .pkk private key which was generated from an openssh private key. The other partition on my memorystick is indeed ext2, but not with 600 permissions, since that would give a problem on a linux machine where I can't control the uid that owns the id_dsa file. But I probably won't use the ext2 partition often since the linux machines I use are machines I use regularly and for those machines I generated keys for that specific client with 600 permissions. I only may want to use the ext2 partition from a knoppix booted machine or something.

Putty can use a key without checking the permissions of the key, so for windows the problem is solved. For linux I can set the permissions of the files on the ext2 partition of the USB stick when I want to use the key, so OpenSSH will also accept it.

What I'm wondering though, is why is it so important to have 600 permissions on a private key if the key is protected well by a passphrase (not guessable from a dictionary and longer than 15 characters). I agree you would want to have a standard behaviour of rejecting keys which are publicly readable, but being able to override that behaviour would be good, for instance for specific users, or only if the private key is protected by a passphrase or something. It kinda looks like windows where decisions are made for you instead of giving people the possibility to think for themselves. I appreciate it very much that OpenSSH is made fool proof as much as possible, but on the other hand, not everybody is always a fool (everybody is sometimes though :).

Well, thanks for all the help. I appreciate it! And thanks for OpenSSH, I couldn't live without it! :) People will always have something to complain about, but it's great!

Dolf Andringa.

Alexander Klimov wrote:
> On Sun, 30 Oct 2005, Dolf Andringa wrote:
>
>> I'm using public key authentication to access some servers through ssh.
>> I put my private key on a usb memory stick cause I need to access the
>> servers from different locations (when on holiday, from my home, from my
>> office, etc). I've password protected the private key with a very long
>> passphrase which is virtually unguessable. To be able to access the
>> private key from multiple OS'es, the fs of the memorystick is fat16.
>> Fat16 does not support any rights on files, so mounted on linux, all
>> files have 0755 permissions.
>
> It is possible to mount your drive with 0600:
>   man mount
>   search for fat and read about uid, gid, umask, dmask, and fmask
>
> Btw, why don't you simply copy your key to each of your workstations
> and change permissions?
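The mount options named in the quoted reply, shown as an added example that is not part of the original thread: it builds the vfat option string that makes files on the stick appear as 0600, and checks a key file for group/other permission bits, which is what OpenSSH refuses. The function names, the device `/dev/sdX1` and the mount point `/mnt/usbkey` are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, device and mount
# point are placeholders; uid, gid, fmask and dmask are vfat options
# documented in mount(8).

# Print vfat mount options so that every file on the stick shows up as
# owner-only: fmask=0177 -> files 0600, dmask=0077 -> directories 0700.
# Optional arguments: uid and gid that should own the files (default: the
# caller). Pass them explicitly when mounting via sudo, where id -u is 0.
vfat_private_opts() {
    uid=${1:-$(id -u)}
    gid=${2:-$(id -g)}
    printf 'uid=%s,gid=%s,fmask=0177,dmask=0077\n' "$uid" "$gid"
}

# Return 0 when the file has no group/other permission bits, i.e.
# (mode & 077) == 0. Returns 2 when the file cannot be examined.
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Mount the FAT partition privately for a given user (needs root).
# usage: mount_key_stick /dev/sdX1 /mnt/usbkey [uid] [gid]
mount_key_stick() {
    mount -t vfat -o "$(vfat_private_opts "$3" "$4")" "$1" "$2"
}

# Typical use (not executed here):
#   sudo sh -c '. ./keystick.sh; mount_key_stick /dev/sdX1 /mnt/usbkey 1000 1000'
#   key_mode_ok /mnt/usbkey/id_dsa && ssh -i /mnt/usbkey/id_dsa user@host
```

The same `key_mode_ok` check applies to the ext2 case described in the message: after `chmod 600` on the key file it succeeds, before it fails.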
