Passphrases, when used properly, offer a higher level of security than passwords, but what if you are editing scripts on a remote server using a local Vim? For every open, write or explore, you are asked for it. After a while this stops making sense, and you'll end up typing the entire passphrase in clear text (hopefully not during a presentation).
So, a good solution is to generate a key to use with SSH, then edit the remote files with a local:
vim -f scp://firstname.lastname@example.org//path/to/the/scripts/
To generate the public/private key pair, assuming you have OpenSSH installed both locally and remotely, just do this locally:
$ cd ~/.ssh
you may have to specify the type, say,
$ ssh-keygen -t rsa
You may specify a name; by default you'll get ~/.ssh/id_rsa for the rsa type.
Then enter the passphrase that is used to access the remote server.
This creates the private/public key pair, as you can see in a directory listing.
On the remote host: if you have no ~/.ssh directory there, have it created by sshd: just ssh to any server you know and it will be created with the right privileges.
On the local host: there are other options, like using named files, but one is to:
$ scp ~/.ssh/id_rsa.pub email@example.com:/home/user/.ssh/authorized_keys2
There is no need to tell you not to upload the private key, right? Just upload the .pub public key file. Finally, add the rsa identity to the authentication agent on the local host:
$ ssh-add
This works if your key is id_rsa, which contains the protocol version 2 RSA authentication identity of the user. If not:
$ ssh-add my_key_filename
To test, just try to ssh to your remote host:
$ ssh firstname.lastname@example.org
If you specify no user, it will assume your $USERNAME is ssh'ing… If all is right, you were not asked to enter the passphrase, were you? Now go and lend your laptop to someone, or leave it in the trunk of the car while dating some chick…
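The scp upload above replaces the whole remote key file with this one key, and sshd is picky about the permissions of ~/.ssh. As an added example (not part of the original post), here is a small shell function, meant to run on the remote side, that appends a public key instead of overwriting, skips duplicates, refuses a private key file and sets the 700/600 permissions. The function name install_pubkey, the default file name authorized_keys and the sample key are assumptions made for the example; the key is constructed, not a real one.

```shell
#!/bin/sh
# install_pubkey PUBFILE SSHDIR [AUTHFILE]   (hypothetical helper)
# Appends one public key to SSHDIR/AUTHFILE, keeping existing entries.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/${3:-authorized_keys}"   # pass authorized_keys2 to match the post

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Never install a private key by mistake.
    if grep -q -e 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: unrecognised key type in $pub" >&2; return 4 ;;
    esac

    # Owner-only directory and file, created before any key is written.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: compare on "<type> <base64>", ignoring the comment.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -q -F -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDEXAMPLE user@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/remote/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/remote/.ssh"   # second run adds nothing
cat "$demo/remote/.ssh/authorized_keys"
rm -rf "$demo"
```

OpenSSH's own ssh-copy-id does the same kind of append over an SSH connection, if it is installed on your local host.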
Back to Vim. Let’s explore a remote dir, and open some files:
$ vim -f scp://email@example.com//path/to/the/scripts
Select and press Enter on some file
Select and press Enter on another file
Lovely? Indeed, and you are using your own .vimrc specs!! The cool (but security-questionable) part is that if you were not using, say, the RSA keys, you'd have to enter the passphrase on every operation. In our last example, that is 5 times.
Finally. Of course you are using Gnome and if you go Places > Connect to Server > Service type: SSH > … and you name your connection My_Server_02, you’ll not need to use the… passphrase. Go run GEdit and open the remote server scripts…
Advice: read more on the web about OpenSSH, and check the man pages for ssh, ssh-add, ssh-agent, ssh-keygen, sshd, scp,…