I often work with remote hosts on multiple devices, mostly Windows and Linux machines. To avoid deploying my SSH keys everywhere, and to avoid the hassle of syncing SSH configuration, I put my SSH config file and keys in a BitLocker-encrypted NTFS partition on my pen drive.
I use `Include` inside the SSH config on my working machines so that I can only access the remote hosts on the machine where my pen drive is plugged in and decrypted. Under Linux, the NTFS mount options `uid=1000,dmask=077,fmask=177` are used so the config file and SSH keys have the correct permissions.
The problem is with the SSH client on Windows. The client complains about bad permissions unless the owner of the key files is the current user and no other user has access to the files (see this post for details). Unlike UNIX systems, where `uid=1000` refers to the default user in most cases, the NTFS permission object defined is not shared across systems. Therefore, when the pen drive is plugged into another Windows machine, the file is owned by `Account Unknown(S-1-5-21-235848236-322578882-4173758772-1003)`, which does not work. The only solution I have right now is to manually change the ownership and permissions of the files every time I switch my pen drive to another Windows machine.
I am looking for suggestions on improving my current setup. Any help is appreciated.
Update:

I tested, and SSH does not even work with `OWNER RIGHTS` of NTFS.
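The manual ownership-and-permission reset the question describes can be scripted so it is one command per Windows machine rather than a sequence of clicks. The following PowerShell is an added example, not code from the original post or from any of its answers; it assumes the pen drive mounts as `E:` and that the config and keys live under `E:\ssh` (both are assumptions, adjust to your layout). It takes ownership of every file, strips inherited and existing ACEs (including the one for the unknown SID from the previous machine), and leaves a single Full Control entry for the current user, which is the state the Windows OpenSSH client's permission check accepts.

```powershell
# Added example (not from the original post). Resets ownership and ACLs on the
# SSH files carried on the pen drive so that the Windows OpenSSH client stops
# reporting "bad permissions" after the drive is moved to another machine.
# Assumptions: the drive is E: and the SSH material lives under E:\ssh.
$SshDir = 'E:\ssh'

# Account of the user running the script (MACHINE\user or DOMAIN\user).
$Me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

Get-ChildItem -LiteralPath $SshDir -File -Recurse | ForEach-Object {
    $path = $_.FullName

    # 1. Take ownership. The file is currently owned by a SID that this
    #    machine cannot resolve, so Set-Acl alone may be refused. takeown.exe
    #    is built into Windows; run from an elevated prompt if the current
    #    user has no access to the file at all.
    & takeown.exe /F "$path" | Out-Null

    $acl = Get-Acl -LiteralPath $path

    # 2. Stop inheriting from the parent directory and discard the inherited
    #    entries (second argument $false), so nothing like BUILTIN\Users or
    #    Authenticated Users survives from the drive's root ACL.
    $acl.SetAccessRuleProtection($true, $false)

    # 3. Remove every remaining explicit ACE, including the one that still
    #    names the unknown SID from the previous machine.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }

    # 4. Grant the current user Full Control and make them the owner. This is
    #    the only principal left on the file, which satisfies the client's
    #    "owner is the current user and nobody else has access" check.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Me, 'FullControl', 'Allow'
    $acl.AddAccessRule($rule)
    $acl.SetOwner([System.Security.Principal.NTAccount]$Me)
    Set-Acl -LiteralPath $path -AclObject $acl
}

# Verification: each file should now report the current user as owner and a
# single ACE, also for the current user.
Get-ChildItem -LiteralPath $SshDir -File -Recurse | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName
    $principals = ($acl.Access | ForEach-Object { $_.IdentityReference }) -join ', '
    '{0}: owner={1}; aces={2}' -f $_.Name, $acl.Owner, $principals
}
```

Because `$Me` is resolved on whichever machine the script runs, the same script works on every Windows host; the only per-machine requirement is that it is run after BitLocker has unlocked the drive. The private keys themselves are unaffected, only the NTFS security descriptor of each file is rewritten.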
gpg || Gpg4Win with Kleopatra loaded). @User1686's Suggestion #1 seems the simplest and most efficient way to go about this. General FYI: SSH key best practice is to encrypt the key, negating the need for an encrypted container.