(1) Does this whole approach even make sense from the perspectives of security, practicality?
kinda(2) If this is do-able, would I need some kind of encryption to use when sending a signed transaction from some internet cafe to the remote online machine via ssh?
You do not need any extra encryption. SSH is already encrypted. And the transaction will still be sent unencrypted when it goes to the network. The signature on the transaction prevents people from modifying the data (as it is supposed to) and people will still see the details of transaction when it hits the network.(3) Does Armory have the kind of command-line interface which would allow doing all this with no GUI the remote online machine running on Amazon AWS?
Yes. There is a daemon option. I think you should be able to run a watch-only wallet from that interface.(4) This could be the clincher question: What kind of software would I need to be running from this internet cafe? I was hoping I could just quickly install Putty on some Windows machine in an internet cafe and do everything via ssh - but maybe I would need a local machine running a full copy of Armory? In that case, I could probably use yet another machine: it could be my existing online Armory machine, but because I'm travelling and it's been offline for weeks it would not have an up-to-date copy of the blockchain - but it would still have all the functionality of Armory, the python-qt GUI, etc. Then it seems like I'd be trying to create some sort of hookup between:
- the formerly online Armory local laptop with the outdated copy of the blochain plugged in or wifi-ing in at an internet cafe, and
- the up-to-date currently online remote server on Amazon AWS.
... also using a signed transction from the offline machine.
You will need armory on the local laptop. It doesn't need the blockchain to work. All you just do is use a watch only wallet on the server and use that to create the transaction. Then you sign the transaction on your offline laptop using armory. The transaction can be broadcast through the server or through any web transaction broadcast.- the formerly online Armory local laptop with the outdated copy of the blochain plugged in or wifi-ing in at an internet cafe, and
- the up-to-date currently online remote server on Amazon AWS.
... also using a signed transction from the offline machine.
(5) I think I saw a website once, I think it was a page at blockchain.info, where you could also do something like "upload a signed bitcoin transaction". Is this browser-based method of signing a transaction on a site like blockchain.info compatible with the kind of signed transaction produced by Armory? If so then maybe I could skip all of the above - no VPS on Amazon needed, just keep my Armory offline machine with me and sign transactions from it and submit via any web browser?
First of all, you are not signing the transaction in the browser. You could create and import a watch only wallet into blockchain to create the transaction that you sign. Then take that transaction offline to your armory and sign the transaction and then broadcast it back through blockchain. 