UDF on MacOS and Linux

Recently I wanted to have the ability to use SSH to log in to my Amazon Lightsail instances from my work laptop. For privacy reasons, I didn’t want to put my SSH private key permanently on the laptop and I didn’t want to put the public key for my laptop on the Lightsail instances.

Since I’m very comfortable with the unix command line, I decided to put a new (password protected) private key on a flash drive so I could use that key to log in to the Linux instances.

The problem is permissions.

SSH won’t let you use a private key file with open permissions. If the key file is world readable, it will display an error and refuse to use it. There isn’t a workaround that I’ve been able to find (other than recompiling SSH from source with modifications).

This means that the most common flash drive file systems (FAT, FAT32, & exFAT) can’t be used. None of those file system formats supports permissions.
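A pre-flight check for the rule described above, as an added example that is not part of the original post: key_perm_ok applies the same test the OpenSSH client uses on a key owned by the invoking user (no group or other permission bits), and dir_keeps_modes probes whether a mounted file system stores permission bits at all. The function names are hypothetical, and the script assumes either GNU stat (Linux) or BSD stat (macOS).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print a file's octal permission bits. GNU stat (Linux) and BSD stat (macOS)
# take different flags, so try the GNU form and fall back to the BSD form.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Same rule the OpenSSH client applies to a key owned by the invoking user:
# no group or other bits may be set (mode & 077 must be 0).
# Returns 0 = acceptable, 1 = too open, 2 = could not be checked.
key_perm_ok() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    mode=$(file_mode "$1") || mode=''
    case $mode in
        ''|*[!0-7]*) echo "cannot read mode of $1" >&2; return 2 ;;
    esac
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "permissions $mode for '$1' are too open" >&2
        return 1
    fi
    return 0
}

# Probe whether the file system mounted at a directory stores permission
# bits: set two different modes on a scratch file and read each one back.
# Heuristic: on FAT-family mounts chmod is expected to fail or be ignored,
# so at least one of the two modes will not read back and the probe returns 1.
dir_keeps_modes() {
    probe=$(mktemp "$1/.permprobe.XXXXXX") || return 2
    rc=0
    for want in 600 644; do
        chmod "$want" "$probe" 2>/dev/null || rc=1
        [ "$(file_mode "$probe")" = "$want" ] || rc=1
    done
    rm -f "$probe"
    return $rc
}

# Usage: sh keycheck.sh /path/to/mounted/drive/keyfile
if [ $# -eq 1 ]; then
    dir_keeps_modes "$(dirname "$1")" || echo "warning: mount does not keep modes" >&2
    key_perm_ok "$1" && echo "ok: $1"
fi
```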

I could have formatted the flash drive using the MacOS HFS format, and installed the necessary packages on my Ubuntu Laptop to support that, but I wanted to go for something more generic.

After some research, I decided to give the User Defined File system (UDF) a try.

I did have to install UDF support on the Ubuntu system, but that wasn’t a big deal.

sudo apt-get install udftools

To format the flash drive on my Mac, I used this command:

sudo newfs_udf -m blk -v <label> /dev/disk<n>

Note that the device file (/dev/disk<n>) must be the device itself, not a partition of the device. On Mac systems a partition is denoted by ‘s<n>’ after the device name, where <n> is the partition number, for example /dev/disk4s1.

After the UDF file system is created on the flash drive, you must … eject the drive, physically remove the device, and re-insert it. The device will now show up on the system as “/Volumes/<label>”.

Interestingly, the owner of the mounted device is the currently logged-in user.

macbook-pro:newkey david$ ls -l /Volumes/FLASHDRIVE/
total 3
-rw-------@ 1 david  staff  1073 Jul 11 10:11 aws-key

I copied the new SSH private key file to the flash drive, made sure the permissions were correct, and ejected the drive.

I then inserted the drive into my Ubuntu system. It mounted correctly right away.

I was then able to log in to my Lightsail instances using the command

slogin -i /media/<my linux user id>/<flash drive label>/<private key file> ec2-user@<aws hostname>

Interestingly, when the UDF-formatted flash drive is mounted, the owner is the logged-in user, but the file has the correct permissions.

user@linux:~#: ls -l /media/user/FLASHDRIVE/
total 2
-rw-------- 1 user  user  1073 Jul 11 10:11 aws-key

So far it’s been working well. I’m pleased with this little project.
