[TriLUG] USB keychains and private keys

Nathan Conrad conrad at bungled.net
Thu Jul 15 10:56:45 EDT 2004


Although I do not store my private key on an external device, there is
a way to make the drive mount with its files having permissions of 400.

The mount command is passed a set of parameters which are in turn
passed to the filesystem driver. The option that you want is
umask=700. You pass it to the mount command like:

mount /dev/usb_drive /mnt -t vfat -o umask=700

If you mount things as root, you will have to tell the drive to set
the creator of the files to yourself by using your user id (find this
out by typing `id` when you are logged in):

mount /dev/usb_drive /mnt -t vfat -o umask=700,uid=1001

If you mount the drive as a user, it would need to be in your
/etc/fstab file. This file has a column for mount options, and the
entry would end up something like:

/dev/usb_drive /mnt vfat defaults,noauto,user,umask=700 0 0

The user option is not needed in this case because the owner defaults
to the user mounting the drive, which would be your username.

Although, this whole process could be being done with hotplug scripts,
in which case you would have to search for the proper line to modify
somewhere in them.

-Nathan

On Thu, Jul 15, 2004 at 03:57:39AM -0700, Joseph Mack NA3T wrote:
> I was thinking of getting a USB keychain flashcard to store (among other
> things) my private key(s). However ssh requires that your private key be
> 400. I assume the USB keychains are vfat, in which case you can only set
> the permissions to 444, and ssh won't accept the private key (tested on a
> vfat floppy).
> 
> Presumably I could put an ext3 file system on there, but then I won't be
> able to use the device to transfer files to a windows machine (which
> admittedly I don't do a whole lot, but would be useful to be able to do).
> 
> I understand that you're not supposed to reformat these devices a whole
> lot, and that you should use cramfs if you're going to reformat them.
> 
> Do people store their private keys on these USB keychains?
> 
> Can someone straighten me out?
> 
> Thanks Joe
> 
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!

-- 
Nathan J. Conrad 
Chapel Hill, NC, USA                 http://bungled.net
GPG: F4FC 7E25 9308 ECE1 735C  0798 CE86 DA45 9170 3112
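
Added example, not part of the original message: a shell sketch of how the vfat driver derives regular-file modes from a umask=/fmask= value (bits set in the mask are removed from 0777) and of the mode test OpenSSH applies to a private key. The function names are hypothetical, and the masks 077 and 177 are comparison values chosen here next to the 700 used in the message.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; masks 077 and 177 are comparison values chosen here.

# Mode the vfat driver gives regular files: the bits set in the umask=/fmask=
# value are removed from 0777. $1 is the octal mask as written after "umask=".
vfat_file_mode() {
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# OpenSSH's private-key test on a mode: no group/other bits may be set
# (mode & 077 == 0). The owner-read bit is also required to load the key.
ssh_key_mode_ok() {
    mode=$(( 0$1 ))
    [ $(( mode & 0077 )) -eq 0 ] && [ $(( mode & 0400 )) -ne 0 ]
}

# Check a key file as mounted: owned by the calling user and mode acceptable.
# Uses GNU stat (-c), as found on Linux systems.
key_file_ok() {
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    ssh_key_mode_ok "$(stat -c '%a' "$1")"
}

# Compare the mask from the message (700) with the two comparison masks.
for mask in 700 077 177; do
    result=$(vfat_file_mode "$mask")
    if ssh_key_mode_ok "$result"; then verdict=accepted; else verdict=rejected; fi
    echo "mask=$mask -> files $result -> ssh: $verdict"
done
```

After mounting, key_file_ok run against the key's path confirms whether the chosen mount options produced an owner and mode that ssh will accept.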