To avoid repeated prompts for passwords, consider native caching mechanisms, such as ssh-agent for ssh-like methods, or pageant for plink-like methods.
TRAMP offers alternatives when native solutions cannot meet the need.
4.14.1 Using an authentication file
The package auth-source.el, originally developed for No Gnus, reads passwords from different sources, see (auth)auth-source. The default authentication file is ~/.authinfo.gpg, but this can be changed via the user option auth-sources.
A typical entry in the authentication file:
machine melancholia port scp login daniel password geheim
The port can take any TRAMP method (see Inline methods, see External methods). Omitting port values matches all TRAMP methods. Domain and ports, as used in TRAMP file name syntax, must be appended to the machine and login items:
machine melancholia#4711 port davs login daniel%BIZARRE password geheim
For the methods doas, sudo, sudoedit and nspawn the password of the user requesting the connection is needed, and not the password of the target user. If these connections happen on the local host, an entry with the local user and local host is used:
machine host port sudo login user password secret
user and host are the strings returned by (user-login-name) and (system-name). If one of these methods is connected via a multi-hop (see Connecting to a remote host using multiple hops), the credentials of the previous hop are used.
If no proper entry exists, the password is read interactively. After successful login (verification of the password), Emacs offers to save a corresponding entry for further use by auth-source backends which support this. This can be changed by setting the user option auth-source-save-behavior to nil.
Set auth-source-debug to t to debug messages.
Note that auth-source.el is not used for ftp connections, because TRAMP passes the work to Ange FTP. If you want, for example, to use your ~/.authinfo.gpg authentication file, you must customize ange-ftp-netrc-filename:
(customize-set-variable 'ange-ftp-netrc-filename "~/.authinfo.gpg")
In case you do not want to use an authentication file for TRAMP passwords, use connection-local variables like this:
(connection-local-set-profile-variables 'remote-without-auth-sources '((auth-sources . nil)))
(connection-local-set-profiles '(:application tramp) 'remote-without-auth-sources)
4.14.2 Caching passwords
TRAMP can cache passwords as entered and reuse them when needed for the same user or host name, independent of the access method.
auth-source-cache-expiry sets the duration (in seconds) the passwords are remembered. Set auth-source-cache-expiry to nil to disable expiration.
Cached passwords are never saved permanently nor can they extend beyond the lifetime of the current Emacs session unless you confirm this interactively.
Set auth-source-do-cache to nil to disable password caching.
For connections which use a session-timeout, like sudo, doas and run0, the password cache is expired by TRAMP when the session expires (see Setting own connection related information). However, this only makes sense if the password cannot be retrieved from a persistent authentication file or store.
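The options from the authentication-file and caching sections above, combined into a restrictive setup, as an added example that is not part of the TRAMP manual. The 600-second expiry is an assumed value, and my/tramp-auth-entry is a hypothetical helper that checks which entry a lookup would match without displaying the password.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example, not from the TRAMP manual.
(require 'auth-source)

;; Read credentials only from the GPG-encrypted file.
(customize-set-variable 'auth-sources '("~/.authinfo.gpg"))
;; Never offer to write an interactively entered password to disk.
(customize-set-variable 'auth-source-save-behavior nil)
;; Forget cached passwords after 10 minutes (assumed value; nil disables expiry).
(customize-set-variable 'auth-source-cache-expiry 600)

(defun my/tramp-auth-entry (method user host)
  "Report which auth-source entry matches METHOD, USER and HOST.
HOST and USER take the same suffixes as in the authentication file
(\"melancholia#4711\", \"daniel%BIZARRE\").  The password is never shown,
and no entry is created when nothing matches."
  (let* ((auth-source-do-cache nil) ; do not use or fill the cache for this lookup
         (found (car (auth-source-search
                      :host host :user user :port method
                      :require '(:secret) :max 1))))
    (if found
        (format "match: machine %s port %s login %s (password present)"
                (plist-get found :host)
                (or (plist-get found :port) "<any>") ; entry without a port item
                (plist-get found :user))
      (format "no entry for %s@%s via %s; the password would be read interactively"
              user host method))))

;; With the typical entry from the manual in the authentication file:
;;   (my/tramp-auth-entry "scp" "daniel" "melancholia")
;; With the domain/port entry:
;;   (my/tramp-auth-entry "davs" "daniel%BIZARRE" "melancholia#4711")
```

Evaluating the helper may prompt for the GPG passphrase, since the authentication file has to be decrypted to be searched.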