Security Basics mailing list archives

Re: ssh key problem


From: Jon Hart <warchild () spoofed org>
Date: Fri, 7 Jan 2005 15:51:33 -0500

On Fri, Jan 07, 2005 at 04:12:41PM +0100, Thomas Reinhold wrote:

Hi everybody,

I've got a little problem with my ssh authentication. I'm using RSA 
based key authentication when logging on to remote machines via OpenSSH 
(on Debian Sarge).

Everything is working fine, but now after having put my keys on a 
usb-stick the ssh-client doesn't accept them anymore due to bad file 
permissions (not restrictive enough). I can change those permissions 
while the usb device is mounted, but after remounting they are set back 
to the old state.

Is there any way to tell the ssh-client to ignore those file-permissions?

Those restrictions are there for a reason.  Key based authentication in
SSH requires that you have the key and know the passphrase to decrypt
it -- something you have and something you know. 

If the permissions are world or group readable/writable, this form of
authentication is no more secure than plain old username and password
authentication because a malicious local user could possibly gain access
to the keyfile.  Then all they'd have to do is obtain the passphrase.

Suggestions?  Don't try and circumvent this.  Mount the USB device so
that file permissions get applied correctly.  If this is a Windows-ish
filesystem on the USB device, you'll probably have to force the
permissions.  `man mount` will tell you what options you need depending
on what filesystem is on that key.

-jon
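
The permission rule and the forced-permission mount discussed above, as an added example that is not part of the original thread. It assumes GNU `stat` and a vfat filesystem on the stick; the function names, `/dev/sdX1` and `/mnt/usbkey` are placeholders.

```shell
#!/bin/sh
# Added example; function names, device and mount point are hypothetical.

# Succeeds if the key file would pass the OpenSSH client's permission rule:
# a private key owned by the invoking user must have no group/other bits set
# (mode & 077 == 0). Uses GNU stat, as shipped on Debian.
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%u' "$1") || return 2
    # The rule only applies to files owned by the user running ssh.
    [ "$owner" -eq "$(id -u)" ] || return 0
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Builds vfat mount options that make every file 0600 and every directory
# 0700, owned by the given uid/gid (defaults: the current user).
vfat_mount_opts() {
    uid=${1:-$(id -u)}
    gid=${2:-$(id -g)}
    printf 'uid=%s,gid=%s,fmask=0177,dmask=0077\n' "$uid" "$gid"
}

# Constructed sample: a throwaway file standing in for a key on the stick.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/id_rsa"
    for m in 755 600; do
        chmod "$m" "$dir/id_rsa"
        if key_perms_ok "$dir/id_rsa"; then
            echo "mode $m: accepted"
        else
            echo "mode $m: rejected (group/other bits set)"
        fi
    done
    rm -rf "$dir"
    # As root, with placeholder device and mount point:
    echo "mount -t vfat -o $(vfat_mount_opts) /dev/sdX1 /mnt/usbkey"
}
demo
```

On vfat the masks are fixed at mount time, which is why a `chmod` on the mounted stick does not survive a remount.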

