After reading this ssh security hint, and the various comments regarding using USB drives for storing private keys, it got me motivated to actually try it. Well, I also use Linux and Windows machines, and ran into a problem: Mac OS X will not use a private key on the VFAT file system. A USB drive formatted VFAT is recognized as having all files and folders with permissions set to 777 -- and ssh will only use keys set to 600 or similar. I also had to figure out how to set this up using a different volume.
My solution was to make two copies of my private key (well three, actually, as I use Putty on the PC and it requires a key in its own format): one on the drive itself, and one in a sparseimage on the drive. That way, linux had access to the key on the VFAT partition, and I can mount the sparse image while I am at my Mac.
The next issue was how to get Mac OS X, or any unix, to use a key on a USB drive. It turns out that this is actually very easy. In a Terminal window, do the following:
$ cp /etc/ssh_config ~/.ssh/config
$ pico ~/.ssh/config
Now find this line:
# IdentityFile ~/.ssh/identity
Remove the # to uncomment it, and change the path to that of your key on the USB drive. Finish by logging out then back in. If everything is set up right, your public key authentication will not work without your USB drive and/or sparse image mounted. As soon as your drive is mounted, authentication works like expected.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20050218224449785