by ggm 181 days ago
Any time a proposal to put PRIVATE keys into a portable object is raised, I hope to see discussion of the risks.

This is extremely risky for the integrity of the remote copy. If the key is compromised (USB stick lost or acquired by a bad faith actor) then the remote repository is untrustable.

I suppose this is no different to normal keyloss, and some people maintain their keys on removable devices and are exposed to this loss, if the device does not have additional protections.

If it's not a bare (private) key, I suppose then it comes down to the ssh-agent chain over that key, and the strength of your wrapper protection.


(1) Won't an SSH key with a passphrase solve this? Whoever picks up the lost USB stick won't be able to guess a good passphrase.

(2) It seems like a USB key (like Yubikey) combined with a fair amount of USB-attached storage could be a viable product for some applications! The storage could even be encrypted for (some) extra security.

> (1) Won't an SSH key with a passphrase solve this? Whoever picks up the lost USB stick won't be able to guess a good passphrase.

Yes, but in that case your passphrase is your only security. Keeping your private key private gives you 2 security levels: you must have the key and know the passphrase.

Sure. Picking a good passphrase is pretty vital.
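The thread turns on whether a key on a removable device is a bare private key or one wrapped with a passphrase. As an added example (not code from any commenter), the parser below reads the leading fields of OpenSSH's own "openssh-key-v1" container, the format `ssh-keygen` writes, and reports the cipher, KDF and bcrypt work factor, so an auditor can tell a bare key from a wrapped one without ever decrypting it. The function and sample-builder names are my own, and `build_sample_key` constructs a header-only blob purely for offline testing.

```python
import base64
import struct

# The openssh-key-v1 container starts with this magic, followed by three
# length-prefixed SSH strings: ciphername, kdfname, kdfoptions. A bare key has
# ciphername "none"; a passphrase-wrapped key has a real cipher plus bcrypt.
MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, pos):
    """Read one SSH 'string' (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    return buf[pos:pos + length], pos + length


def inspect_openssh_key(pem_text):
    """Report whether an OpenSSH private key is passphrase-protected.

    Returns cipher, KDF, bcrypt rounds (None if no KDF) and an 'encrypted' flag.
    Raises ValueError for anything that is not the openssh-key-v1 format.
    """
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        raise ValueError("not an openssh-key-v1 container (PEM/PKCS#8 keys differ)")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    pos = len(MAGIC)
    cipher, pos = _read_string(blob, pos)
    kdf, pos = _read_string(blob, pos)
    kdfopts, pos = _read_string(blob, pos)
    rounds = None
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt = string salt || uint32 rounds (work factor)
        _salt, p = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack(">I", kdfopts[p:p + 4])
    return {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": rounds, "encrypted": cipher != b"none"}


def build_sample_key(cipher, kdf, rounds=0):
    """Constructed header-only container for offline testing (not a real key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdfopts = s(b"\x00" * 16) + struct.pack(">I", rounds) if kdf == b"bcrypt" else b""
    blob = MAGIC + s(cipher) + s(kdf) + s(kdfopts) + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")
```

On a real device, pass the contents of the key file to `inspect_openssh_key`; a result with `encrypted` False is exactly the bare-key case the original comment warns about, and a low bcrypt round count means the passphrase does less work than it could.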