Edit remote scripts in local Vim using SSH-generated RSA keys
September 28th, 2007
Passphrases, when used the right way, offer a higher level of security than passwords, but what if you are editing scripts on a remote server using a local Vim? For every open, write, or explore, you are asked for the passphrase. After a while this stops making sense, and you’ll end up typing the entire passphrase in clear text mode (hopefully, not during a presentation).
So, a good solution is to generate a key to use with SSH, then edit the remote files with a local:
$ vim -f scp://user@host.tld//path/to/the/scripts/
To generate the public/private key pair, assuming you have OpenSSH both locally and remotely, just do this locally:
$ cd ~/.ssh
$ ssh-keygen
You may have to specify the type, say:
$ ssh-keygen -t rsa
You may specify a name, or by default you’ll get a ~/.ssh/id_rsa for the rsa type.
Then enter the passphrase that is used to access the remote server.
This creates the private/public key pair, as you can see in a directory listing.
On the remote host: if you have no ~/.ssh directory there, to have it created by sshd just ssh to any server you know and it will be created with the right privileges.
On the local host: there are other options, like using named files, but one is to:
$ scp ~/.ssh/id_rsa.pub user@host.tld:/home/user/.ssh/authorized_keys2
There should be no need to advise you not to upload the private key, right? Just upload the .pub public key file. Finally, add the RSA identity to the authentication agent on the local host:
$ ssh-add
This works if your key is id_rsa, the file that contains the protocol version 2 RSA authentication identity of the user. If not:
$ ssh-add my_key_filename
Test? Just try to ssh to your remote host:
$ ssh user@there.tld
If you specify no user, it will assume your $USERNAME is ssh’ing… If all went well, you were not asked to enter the passphrase, were you? Now go and lend your laptop to someone, or leave it in the trunk of the car while dating some chic…
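An added example, not part of the original post, for the upload step above: copying id_rsa.pub straight onto authorized_keys2 replaces any keys already authorised there. The function below (its name install_pubkey and the paths in the comments are assumptions) is meant to run on the remote host after the .pub file has been copied there under another name; it appends instead of overwriting, sets restrictive permissions, and refuses a private key.

```shell
# install_pubkey KEYFILE AUTH_FILE
# e.g. on the remote host (hypothetical paths):
#   install_pubkey /tmp/id_rsa.pub ~/.ssh/authorized_keys2
install_pubkey() {
    key_file=$1
    auth_file=$2

    # Refuse anything that looks like a private key (PEM or OpenSSH header).
    if grep -q 'PRIVATE KEY' "$key_file"; then
        echo "refusing: $key_file looks like a private key" >&2
        return 2
    fi

    # A public key line starts with a key type, then base64 data.
    key_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$key_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "refusing: no public key found in $key_file" >&2
        return 3
    fi

    # Directory readable by the owner only, key list writable by the owner only.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present,
    # so existing keys survive and repeated runs add nothing.
    if ! grep -qxF "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```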
Back to Vim. Let’s explore a remote dir, and open some files:
$ vim -f scp://user@host.tld//path/to/the/scripts
:Explore
Select and press Enter on some file
:Vexplore
Select and press Enter on another file
Lovely? Indeed, and you are using your own .vimrc settings!! The cool (but questionable from a security standpoint) part is that if you were not using the, say, RSA keys, you’d have to enter the passphrase on every operation. In our last example, 5 times.
Finally, of course you are using Gnome, and if you go to Places > Connect to Server > Service type: SSH > … and you name your connection My_Server_02, you’ll not need to use the… passphrase. Go run GEdit and open the remote server scripts…
Advice: read more on the web about OpenSSH, and check the man pages for ssh, ssh-add, ssh-agent, ssh-keygen, sshd, scp, …
haydee said:
Please, I need the definition in Spanish of vim (editor) SSH, along with its related commands. Does anyone know about this??????