4.18 Ssh setup hints

The most common TRAMP connection family is based on either ssh or scp of OpenSSH, or plink or pscp of PuTTY on MS Windows. In the following, some configuration recommendations are given.

4.18.1 Using ssh config include for host name completion

OpenSSH configuration files can use an Include option for further configuration files. Default TRAMP host name completion ignores this option. However, you can configure this yourself.

Given, your ~/.ssh/config file contains the following option:

Include ~/.ssh/conf.d/*

The following code snippet in your .emacs uses all files in that directory for host name completion:

 "ssh" (append (tramp-get-completion-function "ssh")
               (mapcar (lambda (file) `(tramp-parse-sconfig ,file))
                        'full directory-files-no-dot-files-regexp))))

This code snippet does it for the ssh method. If you replace "ssh" by "scp", it does it also for that method (or any other method you like).

4.18.2 Detection of session hangouts

ssh sessions on the local host hang when the network is down. TRAMP cannot safely detect such hangs. OpenSSH can be configured to kill such hangs with the following settings in ~/.ssh/config:

Host *
     ServerAliveInterval 5
     ServerAliveCountMax 2

The corresponding PuTTY configuration is in the Connection entry, Seconds between keepalives option. Set this to 5. There is no counter which could be set.

4.18.3 Using ssh connection sharing

TRAMP uses the ControlMaster=auto OpenSSH option by default, if possible. However, it overwrites ControlPath settings when initiating ssh sessions. TRAMP does this to fend off a stall if a master session opened outside the Emacs session is no longer open. That is why TRAMP prompts for the password again even if there is an ssh already open.

Some OpenSSH versions support a ControlPersist option, which allows you to set the ControlPath provided the variable tramp-ssh-controlmaster-options is customized as follows:

   "-o ControlPath=/tmp/ssh-ControlPath-%%r@%%h:%%p "
   "-o ControlMaster=auto -o ControlPersist=yes"))

Note how ‘%r’, ‘%h’ and ‘%p’ must be encoded as ‘%%r’, ‘%%h’ and ‘%%p’.

If the ~/.ssh/config file is configured appropriately for the above behavior, then any changes to ssh can be suppressed with this nil setting:

(customize-set-variable 'tramp-use-ssh-controlmaster-options nil)

This should also be set to nil if you use the ProxyCommand or ProxyJump options in your ssh configuration.

In order to use the ControlMaster option, TRAMP must check whether the ssh client supports this option. This is only possible on the local host, for the first hop. TRAMP does not use this option on proxy hosts, therefore.

If you want to use this option also for the other hops, you must configure ~/.ssh/config on the proxy host:

Host *
     ControlMaster      auto
     ControlPath        tramp.%C
     ControlPersist     no

Check the ‘ssh_config(5)’ man page whether these options are supported on your proxy host.

On MS Windows, tramp-use-ssh-controlmaster-options is set to nil by default, because the MS Windows and MSYS2 implementations of OpenSSH do not support this option properly.

In PuTTY, you can achieve connection sharing in the Connection/SSH entry, enabling the Share SSH connections if possible option.

4.18.4 Configure direct copying between two remote servers

TRAMP uses a temporary local copy when copying two files between different remote hosts via external methods. This behavior is due to authentication problems TRAMP cannot handle sufficiently. However, for scp connections this can be changed. When a file shall be copied between two different remote hosts ‘source’ and ‘target’, and

TRAMP applies direct remote copying between hosts ‘source’ and ‘target’ like

scp -p -T -R -q -r source:/path/to/file target:/path/to/another/file

This protects also your local temporary directory from overrun when copying large files.

If these conditions do not apply, and tramp-use-scp-direct-remote-copying is non-nil, the option ‘-3’ is used instead of ‘-R’.

When TRAMP uses direct remote copying, password caches are not consulted.

4.18.5 Issues with Cygwin and MS Windows ssh

This section is incomplete. Please share your solutions.

MS Windows’ ssh does not open a remote TTY. Use the method sshx or scpx instead. Furthermore, it cannot read a passphrase for ssh private keys. Use the MS ssh-agent.

Cygwin’s ssh works only with a Cygwin version of Emacs. To check for compatibility: type M-x eshell RET, and start ssh test.host RET. Incompatibilities trigger this message:

Pseudo-terminal will not be allocated because stdin is not a terminal.

Some older versions of Cygwin’s ssh work with the sshx access method. Consult Cygwin’s FAQ at https://cygwin.com/faq/ for details.

On the Emacs Wiki it is explained how to use the helper program fakecygpty to fix this problem.

When using the scpx access method, Emacs may call scp with MS Windows file naming, such as c:/foo. But the version of scp that is installed with Cygwin does not know about MS Windows file naming, which causes it to incorrectly look for a host named ‘c’.

A workaround: write a wrapper script for scp to convert Windows file names to Cygwin file names.

When using the cygwin ssh-agent on MS Windows for password-less interaction, ssh methods depend on the environment variable SSH_AUTH_SOCK. But this variable is not set when Emacs is started from a Desktop shortcut and authentication fails.

One workaround is to use an MS Windows based SSH Agent, such as the native MS ssh-agent or Pageant. The latter is part of the PuTTY Suite of tools.

The fallback is to start Emacs from a shell.