Experience Using Flash + USB For SSH Keys?
Alex Satrapa
grail at goldweb.com.au
Mon Dec 2 23:47:42 EST 2002
I've been using a CF card + USB reader to store stuff to transport
between machines for a few weeks now, and figured I'd share my
experiences so far, and see if anyone has anything to contribute to my
further learning in this arena. The following are some random thoughts,
in no particular order.
First, there's the cost:
- $50-$100 for the USB CF reader (usually a multiple device reader,
eg: SmartMedia/CompactFlash/Memorystick)
- around $2/MiB for the CF itself (eg: $100 for 64MiB)
Then there's the "convenience"
- Installing drivers on Mac OS X, Windows etc for multi-function readers
- Apparently pure CF readers don't need drivers, they look like USB
storage devices
- CF is slow compared to HDD or network
I've used CF to store:
- SSH keys
- PGP/GPG keys
- SSH clients for various OSes
- other files too big for floppy
What I can't use CF to store:
- Drivers for CF readers (obvious reasons ;)
Using the one CF card for pictures in the digital camera, and SSH keys
for the computer is fine - the digital camera file system resides under
a folder for itself, which won't interfere with your other data. The
camera is smart enough to realise that disk space can be used up by
stuff other than photos.
The CF must be formatted in the lowest common denominator file system -
in my case, that's (V)FAT (otherwise the camera can't use it) - play it
safe, if you have to share a CF with a camera, format the CF in the
camera. This means you have to fiddle with permissions at mount time,
rather than on the file system itself eg in Linux, set one of the
options in fstab to something like:
/dev/scsi/host1/bus0/target0/lun0/part1 /tanya/CF-Card auto
rw,user,noauto,nodev,sync,nosuid,umask=0077 0 0
Otherwise other users have access to your key material.
You have to trust root on the system that you stick the CF card into.
You can carry around SSH clients for each platform, but you still have
to trust root - eg: on a Windows box, you'd want to make sure there
wasn't a virus infecting your Windows SSH client on the CF. You don't
want the admin of any other system running a keylogger shell around your
program. So using the SSH client on the CF is a matter of convenience,
there's little or no security associated with carrying your own client
around with you. Storing the SSH client on CF has the added benefit of
making things slower, since CF is much slower than a UDMA-100 hard drive.
Methods for mounting the CF under Linux include using "wmmount" or some
similar mounting application running under your X session, or using
automount to automatically mount the CF when accessed.
Typically under Linux you might mount the CF under a specific directory,
then have a symlink from ~/.ssh -> /tanya/CF-Card for example. Mount
the CF as "umask=0077" to prevent other people getting access to it.
Make sure the CF is mounted as the user who asked for it.
Storing keys on a CF is a means of denying access to your key material
when you are not physically present (assuming you killed all the
ssh-agents). Storing keys on CF does not make keys magically secure -
they are only as secure as your pocket, or your ssh-agent.
I'd love to see a modification to ssh-agent which will delete keys that
it can no longer see (either during a regular poll, or when it's told a
file system has been unmounted).
In terms of convenience, a USB flash key beats CF + reader hands down.
Unless you already have the reader because you have a digital camera.
Digital cameras with USB connections generally don't let you access
stuff other than the photos that that specific camera stored. i.e.: you
can't hook up your Nikon Coolpix 995 and expect to recover your SSH
keys. This is good and bad - the digital camera with CF acts as a
"covert channel". If you're responsible for IT security, your policy
should be "check the CF" - not "check the camera".
When I Google for other opinions about SSH keys and flash, I keep
getting some article about how applications should beep and flash and be
generally annoying when "dangerous" stuff happens (eg: host key not
already in known_hosts file).
Based on this rambling, does anyone know of lessons I have yet to learn?
Alex
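The two practical points in the post (the card must be mounted with nosuid,nodev,umask=0077 because FAT has no permission bits of its own, and an ssh-agent session should drop keys it can no longer see once the card is unmounted) as an added shell example. This is not code from the original message; it assumes the mount point /tanya/CF-Card from the post, a POSIX sh with awk, and an ssh-add that accepts `-d <pubkeyfile>`. The /proc/mounts lines embedded below are constructed, and the SSH_ADD variable and every function name are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Guards an ssh-agent session
# whose private keys live on a removable VFAT card:
#  - check_mount_opts refuses the key store unless the mount carries
#    nosuid, nodev and umask=0077 (the permission bits live in the mount
#    options, not on the FAT file system).
#  - load_keys / drop_keys_if_unmounted approximate "an agent that forgets
#    keys it can no longer see" by polling the mount table. ssh-add -d needs
#    the public key file, which vanishes with the card, so the .pub halves are
#    cached in a private directory when the keys are loaded.
# Assumption: SSH_ADD names an ssh-add binary (or a stub function for tests).

SSH_ADD=${SSH_ADD:-ssh-add}
REQUIRED_OPTS="nosuid nodev umask=0077"

# Constructed /proc/mounts excerpts (not captured from a real system).
MOUNTED_OK='/dev/sda1 /tanya/CF-Card vfat rw,nosuid,nodev,sync,umask=0077 0 0'
MOUNTED_WEAK='/dev/sda1 /tanya/CF-Card vfat rw,nosuid,nodev,sync,umask=0022 0 0'
UNMOUNTED='/dev/hda1 / ext3 rw 0 0'

# has_opt OPTLIST OPT -> 0 if OPT appears in the comma-separated list.
# umask=NNNN is also accepted as fmask=NNNN plus dmask=NNNN, which is how
# newer kernels report a vfat umask in /proc/mounts.
has_opt() {
  case ",$1," in *",$2,"*) return 0 ;; esac
  case "$2" in
    umask=*)
      m=${2#umask=}
      has_opt "$1" "fmask=$m" && has_opt "$1" "dmask=$m" && return 0 ;;
  esac
  return 1
}

# is_mounted MOUNTTABLE MOUNTPOINT -> 0 if MOUNTPOINT is in the table.
is_mounted() {
  printf '%s\n' "$1" | awk -v mp="$2" 'BEGIN { r = 1 } $2 == mp { r = 0 } END { exit r }'
}

# check_mount_opts MOUNTTABLE MOUNTPOINT
# MOUNTTABLE is text in /proc/mounts format (dev mountpoint fstype opts ...).
# Returns 0 only when MOUNTPOINT is mounted with every option in REQUIRED_OPTS.
check_mount_opts() {
  opts=$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }')
  [ -n "$opts" ] || { echo "$2: not mounted" >&2; return 1; }
  for o in $REQUIRED_OPTS; do
    has_opt "$opts" "$o" || { echo "$2: mounted without $o ($opts)" >&2; return 1; }
  done
  return 0
}

# load_keys CACHEDIR KEY...
# Adds each private key to the agent and keeps a copy of its .pub in CACHEDIR
# (which should be a private, mode 0700 directory) for later removal.
load_keys() {
  cache=$1; shift
  for k in "$@"; do
    [ -r "$k.pub" ] || { echo "$k.pub: missing, not loading $k" >&2; continue; }
    cp "$k.pub" "$cache/$(basename "$k").pub" || continue
    "$SSH_ADD" "$k"
  done
}

# drop_keys_if_unmounted MOUNTTABLE MOUNTPOINT CACHEDIR
# If the card is no longer mounted, remove every cached identity from the
# agent and delete the cached .pub copies. Prints the number of keys dropped.
drop_keys_if_unmounted() {
  is_mounted "$1" "$2" && { echo 0; return 0; }
  n=0
  for p in "$3"/*.pub; do
    [ -e "$p" ] || continue
    "$SSH_ADD" -d "$p" && rm -f "$p" && n=$((n + 1))
  done
  echo "$n"
}

# Typical use (run from a cron job or a loop in your X session):
#   check_mount_opts "$(cat /proc/mounts)" /tanya/CF-Card \
#     && load_keys "$HOME/.ssh-cache" /tanya/CF-Card/id_rsa
#   drop_keys_if_unmounted "$(cat /proc/mounts)" /tanya/CF-Card "$HOME/.ssh-cache"
```

The option comparison is literal, so `umask=077` and `umask=0077` are treated as different strings; normalise the mask in your fstab to whatever form you check for. Polling the mount table still leaves a window between the card being pulled and the next poll, which is the gap an agent-side hook, as the post asks for, would close.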
More information about the linux mailing list