Experience Using Flash + USB For SSH Keys?

Alex Satrapa grail at goldweb.com.au
Tue Dec 3 09:28:25 EST 2002


Ben Elliston wrote:
> One thing you forgot in your fstab entry is the "noatime" keyword.

Does the (v)fat filesystem know about atime stuff?  I suppose this might 
be the "archive" flags in the directory entries.

I don't know how to mount a CF "read only" under Windows.  I suspect 
there is a "read only" option under Mac OS X, since it's got a Unix base.

> Otherwise, if you mount your CF disk under your home directory

On my machine, the CF is always mounted to /tanya/CF-Card, and in my 
home directory, .ssh is a symlink to /tanya/CF-Card/alex/.ssh.  I don't 
think "find" (or the 'update' task that updates the locate database) 
will follow dot-directories unless you explicitly tell it to.

But your point is still valid.  I should only update the known-hosts 
file with host keys of trusted hosts; this means there's one less reason 
to allow write-access to my Flash card.  Now I just have to figure out how 
to get PuTTY under Windows to read the appropriate known-hosts file.

> I ... installed pam_ssh so that my thumb drive had to be
> present and connected to the laptop in order to even log in.

This isn't so good for the other people who use my computer, who don't 
have CF cards.  I could always issue them one, I guess.  But they have 
no need for it yet - they're not as paranoid about their housemates 
abusing SSH keys as I am ;)

> pam_ssh has the nice property that it will automatically load the key
> you've just unlocked into an agent keyring.

I am still trying to figure out the inverse process though - I want the 
ssh-agent to forget about the keys it's holding when I remove the CF 
card.  At present, my ssh-agent will die when I exit X-Windows, which is 
halfway there.  I don't have a similar setup for my Mac OS X machine.

Thanks for your thoughts
Alex
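
One way to get the behaviour asked for above (the agent forgetting its keys once the CF card is no longer mounted, plus a warning when the card is mounted writable), as an added example that is not part of the original post. The mount point is the one named in the post; `MOUNTS_FILE`, the function names and the 5-second poll interval are assumptions, and the script assumes the card is unmounted before it is pulled.

```shell
#!/bin/sh
# Added example, not from the original post. CARD_MOUNT is the mount point
# named in the post; MOUNTS_FILE and the function names are assumptions.
# Assumes the card is unmounted before it is pulled, so that its entry
# disappears from /proc/mounts.
CARD_MOUNT="${CARD_MOUNT:-/tanya/CF-Card}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# card_state MOUNTPOINT MOUNTS_FILE -> prints "absent", "ro" or "rw".
# /proc/mounts fields: device mountpoint fstype options dump pass.
# The last matching entry wins, as it is the one on top.
card_state() {
    awk -v mp="$1" '
        $2 == mp {
            st = "rw"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") st = "ro"
        }
        END { print (st == "" ? "absent" : st) }
    ' "$2"
}

# card_action STATE -> "flush" (drop agent keys), "warn" (card writable) or "ok".
card_action() {
    case "$1" in
        absent) echo flush ;;
        rw)     echo warn ;;
        *)      echo ok ;;
    esac
}

# Poll the mount table and act only when the state changes.
watch_card() {
    prev=""
    while :; do
        cur=$(card_state "$CARD_MOUNT" "$MOUNTS_FILE")
        if [ "$cur" != "$prev" ]; then
            case "$(card_action "$cur")" in
                flush) ssh-add -D >/dev/null 2>&1 || true ;;  # delete all identities from the agent
                warn)  echo "warning: $CARD_MOUNT is mounted read-write" >&2 ;;
            esac
            prev=$cur
        fi
        sleep 5
    done
}

# Run as "card-watch.sh watch" from the session that owns SSH_AUTH_SOCK.
if [ "${1:-}" = "watch" ]; then watch_card; fi
```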
