Security Basics mailing list archives
Re: ssh key problem
From: Thomas Reinhold <mail () thomasreinhold de>
Date: Sun, 09 Jan 2005 16:26:50 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

thanks for your answers. I intended to use this stick only on my
workstation (single user) or on Windows systems at work. But of course
you are right about the security aspect. I have already written an alias
that changes the relevant file permissions after mounting.

I think it's just funny that the open-ssh client's behaviour cannot be
changed (apart from hacking the source code, of course).

Regards,
Thomas

Jon Hart wrote:
| On Fri, Jan 07, 2005 at 04:12:41PM +0100, Thomas Reinhold wrote:
|
|>Hi everybody,
|>
|>I've got a little problem with my ssh authentication. I'm using RSA
|>based key authentication when logging on to remote machines via open ssh
|>(on Debian Sarge).
|>
|>Everything is working fine, but now after having put my keys on a
|>usb-stick the ssh-client doesn't accept them anymore due to bad file
|>permissions (not restrictive enough). I can change those permissions
|>while the usb device is mounted, but after remounting they are set back
|>to the old state.
|>
|>Is there any way to tell the ssh-client to ignore those file-permissions?
|
|
| Those restrictions are there for a reason. Key based authentication in
| SSH requires that you have the key and know the passphrase to decrypt
| it -- something you have and something you know.
|
| If the permissions are world or group readable/writable, this form of
| authentication is no more secure than plain old username and password
| authentication because a malicious local user could possibly gain access
| to the keyfile. Then all they'd have to do is obtain the passphrase.
|
| Suggestions? Don't try and circumvent this. Mount the USB device so
| that file permissions get applied correctly. If this is a windows-ish
| filesystem on the USB device, you'll probably have to force the
| permissions. `man mount` will tell you what options you need depending
| on what filesystem is on that key.
|
| -jon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB4U06qpNu0Nuc+gwRAtJyAJ4iMpPH6R6Fm5ZbOYE12Q6zNTcGfQCeKnib
WsXcpZoTpE0DHFk4vOGAIWI=
=8O72
-----END PGP SIGNATURE-----
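A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages: it applies the OpenSSH client's permission rule to a key file and prints FAT mount options that satisfy it. It assumes GNU `stat` and a FAT-formatted stick; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and a FAT filesystem.

# key_mode_ok FILE
# Applies the rule the OpenSSH client uses for private keys: if the file
# belongs to the invoking user, no group/other permission bit may be set
# (mode & 077 must be 0). Returns 0 = accepted, 1 = rejected, 2 = no file.
key_mode_ok() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2     # octal digits, e.g. 755
    owner=$(stat -c '%u' "$1") || return 2
    [ "$owner" -eq "$(id -u)" ] || return 0   # rule applies to own files only
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# fat_mount_opts
# FAT stores no Unix owner or mode; both are synthesized from mount options,
# so the fix belongs in the mount, not in a chmod afterwards. These options
# present every file as 0600 and every directory as 0700, owned by the caller.
fat_mount_opts() {
    printf 'uid=%s,gid=%s,fmask=0177,dmask=0077\n' "$(id -u)" "$(id -g)"
}

# report FILE: print a verdict and, on rejection, the suggested mount options.
report() {
    rc=0
    key_mode_ok "$1" || rc=$?
    case $rc in
        0) echo "ok: $1" ;;
        1) echo "too open: $1 (mode $(stat -c '%a' "$1"))"
           echo "remount with: -o $(fat_mount_opts)" ;;
        *) echo "not found: $1" ;;
    esac
}

# Constructed demo: a throwaway file stands in for the key on the stick.
demo=$(mktemp)
chmod 755 "$demo"; report "$demo"    # typical mode on a default FAT mount
chmod 600 "$demo"; report "$demo"
rm -f "$demo"
```

The printed option string can go into the fourth field of the stick's `/etc/fstab` entry so the permissions are applied on every mount.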
