[TriLUG] private key permission/ownership on removable USB device

Ken Mink ken.mink at gmail.com
Mon Feb 28 12:06:07 EST 2005


Here's the way I did that for my machines:

1) Leave the key drive a fat file system.

2) Use autofs to mount the drive when needed with the following fat
mount options:
   uid=<your uid>,gid=<your gid>,umask=0177
   You set the uid and gid to your ids on each machine. The mask
makes the file perms 600, which ssh wants.

3) Create a symlink in your .ssh directory to the appropriate file in
the automounted filesystem.

I used mine this way for quite a while. I was eventually able to make
all my uids the same. Then I switched to ext2 filesystem on the key
drive. Actually I set up two partitions on my key drive. A small ext2
with my ssh stuff and a large fat filesystem with everything else.
That way I could access the utilities I kept there from windows
machines.


I hope I explained this well enough to make sense.

Have a better one,
Ken


On Fri, 25 Feb 2005 12:43:23 -0500, Mack.Joseph at epamail.epa.gov
<Mack.Joseph at epamail.epa.gov> wrote:
> I need my ssh private keys on several machines at different locations
> over which I don't have a lot of control. The keys are backed up
> to tape and I don't have control of the tapes either. Instead of leaving
> my private key on a whole lot of different disks, I thought of having
> my private key on a mountable usb device (with ext3 filesystem),
> but my uid/gids are different at different locations and the 600 private
> key is only readable at one location.
> 
> I was hoping that something like
> 
> mount -t ext3  -o uid=my_name,gid=my_group /dev/zip /mnt
> 
> (with /dev/zip owned by root)
> would work, but these options give errors (bad option).
> `man mount` doesn't show these options for ext2/3 filesystems.
> 
> I then tried mounting the /proc/bus/usb filesystem with devuid=my_name.
> The usb devices are all owned by me, but then the filesystems on
> the usb device still have their original ownerships.
> 
> How do I use a removable private key on different machines?
> 
> Thanks Joe
> 
> ---
> Joseph Mack PhD, High Performance Computing & Scientific Visualisation
> LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
> Federal Contact - John B. Smith 919-541-1087 - smith.john at epa.gov
> 
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
> 


-- 
---------------------------------------------
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt
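
The three steps in the reply above, as a shell sketch added here as an example (it is not part of the original message): one function prints an autofs map line with the uid/gid/umask options from step 2 for whoever runs it, the other checks that the file behind the .ssh symlink from step 3 has the ownership and mode ssh wants. The map key `keydrive` and the device `/dev/sdb1` are hypothetical placeholders, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# "keydrive" and /dev/sdb1 below are hypothetical; use your own map key and device.

# Print an autofs map line carrying the post's vfat options for the current user.
# Note: umask= applies to directories as well as files; vfat also accepts
# fmask= and dmask= to set the two masks separately.
autofs_entry() {
    key=$1
    dev=$2
    printf '%s\t-fstype=vfat,uid=%s,gid=%s,umask=0177\t:%s\n' \
        "$key" "$(id -u)" "$(id -g)" "$dev"
}

# Return 0 only if the file behind PATH (symlinks followed) is a regular file
# owned by the current user with no group/other permission bits.
# Return 2 if the target is missing, e.g. the key drive is not mounted.
key_perms_ok() {
    path=$1
    if [ ! -f "$path" ]; then
        echo "missing: $path (key drive not mounted?)" >&2
        return 2
    fi
    # GNU stat: %a = octal mode, %u = owner uid; -L dereferences the symlink.
    set -- $(stat -L -c '%a %u' "$path")
    mode=$1
    owner=$2
    if [ "$owner" != "$(id -u)" ]; then
        echo "owner uid $owner is not the current user: check uid= on the mount" >&2
        return 1
    fi
    # Any bit set in 077 means group or other can touch the key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode is open to group/other: check umask= on the mount" >&2
        return 1
    fi
    return 0
}

# Typical use (paths are assumptions):
#   autofs_entry keydrive /dev/sdb1      # line to place in your autofs map
#   key_perms_ok "$HOME/.ssh/id_rsa"     # run after the automount triggers
```

Running `key_perms_ok` on each machine before the first ssh attempt shows whether a failure comes from the mount options (wrong uid, loose mask) or from the drive not being mounted at all.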


