Edit remote scripts on local VIM under SSH generated RSA keys

September 20, 2008 by pedro mota

Passphrases, when used well, offer a higher level of security than passwords, but what if you are editing scripts on a remote server using a local Vim? For every open, write, or explore, you are asked for it. After a certain number of times it stops making sense, and you’ll end up typing the entire passphrase in clear text (hopefully, not during a presentation).

So, a good solution is to generate a key to use with SSH, then edit the remote files with a local:

```
vim -f scp://user@host.tld//path/to/the/scripts/
```

To generate the public/private key pair, assuming you have OpenSSH locally and remotely, just do locally:

```
$ cd ~/.ssh
$ ssh-keygen
```

You may have to specify the type, say,

```
$ ssh-keygen -t rsa
```

You may specify a name, or by default you’ll get a ~/.ssh/id_rsa for the rsa type.
Then insert the passphrase that is used to access the remote server.
This creates the private/public key pair, as you can see in a directory listing.

On the remote host: if you have no ~/.ssh dir on the remote host, to have it created by sshd just ssh any server you know and it will be created with the right privileges.

On the local host: there are other options, like using named files, but one is to:

```
$ scp ~/.ssh/id_rsa.pub user@host.tld:/home/user/.ssh/authorized_keys2
```

There is no need to advise you not to upload the private key, right? Just upload the .pub public key file. Finally, add the RSA identity to the authentication agent on the local host:

```
$ ssh-add
```

This works if your key is id_rsa, which contains the protocol version 2 RSA authentication identity of the user. If not:

```
$ ssh-add my_key_filename
```

Test? Just try to ssh to your remote host:

```
$ ssh user@there.tld
```

If you specify no user, it will assume your $USERNAME is ssh’ing… If all is right, you were not asked to insert the passphrase, were you?
Now go and lend your laptop to someone, or leave it in the trunk of the car while dating some chic…

Back to Vim. Let’s explore a remote dir, and open some files:

```
$ vim -f scp://user@host.tld//path/to/the/scripts
```

`:Explore`

Select and press Enter on some file

`:Vexplore`

Select and press Enter on another file

Lovely? Indeed, and you are using your own .vimrc specs!! The cool (but questionable for security) part is that if you were not using the, say, RSA keys, you'd have to insert the passphrase on every operation. In our last example, 5 times.

Finally. Of course you are using [Gnome](http://www.gnome.org "Gnome") :) and if you go Places > Connect to Server > Service type: SSH > ... and you name your connection My_Server_02, you'll not need to use the... passphrase. Go run [GEdit](http://www.gnome.org/projects/gedit/ "gedit") and open the remote server scripts...

Advice: read more on the web about [openssh](http://www.openssh.com/ "OpenSSH"), check the man pages for ssh, ssh-add, ssh-agent, ssh-keygen, sshd, scp,...
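The `scp` step above replaces whatever is already in `authorized_keys2` on the server. As an added example (not from the original post), this shell function, meant to be run on the remote host, appends one public key instead, refuses a private key file, and sets the permissions sshd expects; the name `install_pubkey` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run it on the remote host.
# install_pubkey PUBKEY_FILE [AUTH_FILE]   (hypothetical helper name)
# Appends one public key to AUTH_FILE instead of overwriting the file.
# Returns 0 = added, 1 = input rejected or I/O error, 2 = already present.
install_pubkey() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never install a private key: id_rsa (no .pub) carries this marker.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # Take the first non-blank line and require a public key type prefix.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes rejects keys kept in group- or world-writable paths.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: skip if this exact line is already authorized.
    if grep -qxF "$key" "$auth"; then
        return 2
    fi

    # If the file does not end in a newline, add one so entries stay separate.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Where it is installed, `ssh-copy-id user@host.tld` does the same append from the local side. For the laptop scenario, `ssh-add -t 3600` limits how long the agent holds the unlocked key.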
