Experience Using Flash + USB For SSH Keys?
Alex Satrapa
grail at goldweb.com.au
Tue Dec 3 09:28:25 EST 2002
Ben Elliston wrote:
> One thing you forgot in your fstab entry is the "noatime" keyword.

Does the (v)fat filesystem know about atime stuff? I suppose this might
be the "archive" flags in the directory entries.

I don't know how to mount a CF "read only" under Windows. I suspect
there is a "read only" option under Mac OS X, since it's got a Unix base.

> Otherwise, if you mount your CF disk under your home directory

On my machine, the CF is always mounted to /tanya/CF-Card, and in my
home directory, .ssh is a symlink to /tanya/CF-Card/alex/.ssh. I don't
think "find" (or the 'update' task that updates the locate database)
will follow dot-directories unless you explicitly tell it to.

But your point is still valid. I should only update the known-hosts
file with host keys of trusted hosts; this means there's one less reason
to allow write-access to my Flash card. Now I just have to figure out how
to get PuTTY under Windows to read the appropriate known-hosts file.

> I ... installed pam_ssh so that my thumb drive had to be
> present and connected to the laptop in order to even log in.

This isn't so good for the other people who use my computer, who don't
have CF cards. I could always issue them one, I guess. But they have
no need for it yet - they're not as paranoid about their housemates
abusing SSH keys as I am ;)

> pam_ssh has the nice property that it will automatically load the key
> you've just unlocked into an agent keyring.

I am still trying to figure out the inverse process though - I want the
ssh-agent to forget about the keys it's holding when I remove the CF
card. At present, my ssh-agent will die when I exit X-Windows, which is
halfway there. I don't have a similar setup for my Mac OS X machine.

Thanks for your thoughts

Alex
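
Added example, not part of the original post or thread: one way to approach the card-removal question above is a small polling watcher that runs `ssh-add -D` once the key directory on the card stops being readable. The `--watch` argument, the function names and the polling interval are assumptions of this example; `/tanya/CF-Card/alex/.ssh` is the path given in the post.

```shell
#!/bin/sh
# Added example (not from the post): flush ssh-agent when the key card goes away.
# Start it from the session that owns the agent so SSH_AUTH_SOCK is inherited.
KEY_DIR="${KEY_DIR:-/tanya/CF-Card/alex/.ssh}"   # path from the post; override as needed
POLL_SECONDS="${POLL_SECONDS:-2}"                # assumed polling interval

# card_present DIR: true only if DIR holds at least one readable regular file.
# The empty mount-point directory left behind after unmount counts as absent.
card_present() {
    [ -d "$1" ] || return 1
    for f in "$1"/*; do
        if [ -f "$f" ] && [ -r "$f" ]; then return 0; fi
    done
    return 1
}

# flush_agent: drop every identity the agent holds. The key files are gone with
# the card, so per-key removal (ssh-add -d FILE) is not possible; -D removes all,
# including identities that were loaded from elsewhere.
flush_agent() {
    ssh-add -D >/dev/null 2>&1
}

# poll_once DIR STATE FLUSH_CMD: one polling step; prints the next state.
#   idle  = no card seen since the last flush
#   armed = card has been seen, so its keys may be in the agent
# A failed flush (agent unreachable) keeps the state armed so it is retried.
poll_once() {
    if card_present "$1"; then
        echo armed
    elif [ "$2" = armed ] && "$3"; then
        echo idle
    else
        echo "$2"
    fi
}

# watch_card DIR: poll forever, flushing once per removal.
watch_card() {
    state=idle
    while :; do
        state=$(poll_once "$1" "$state" flush_agent)
        sleep "$POLL_SECONDS"
    done
}

# Only start the loop when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then
    watch_card "$KEY_DIR"
fi
```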