Next: , Previous: , Up: Configuring TRAMP   [Contents][Index]

4.13 Reusing passwords for several connections

To avoid repeated prompts for passwords, consider native caching mechanisms, such as ssh-agent for ssh-like methods, or pageant for plink-like methods.

TRAMP offers alternatives when native solutions cannot meet the need.

4.13.1 Using an authentication file

The package auth-source.el, originally developed for No Gnus, reads passwords from different sources, See (auth)auth-source. The default authentication file is ~/.authinfo.gpg, but this can be changed via the user option auth-sources.

A typical entry in the authentication file: 

machine melancholia port scp login daniel password geheim

The port can take any TRAMP method (see Inline methods, see External methods). Omitting port values matches all TRAMP methods. Domain and ports, as used in TRAMP file name syntax, must be appended to the machine and login items: 

machine melancholia#4711 port davs login daniel%BIZARRE password geheim

If no proper entry exists, the password is read interactively. After successful login (verification of the password), Emacs offers to save a corresponding entry for further use by auth-source backends which support this. This can be changed by setting the user option auth-source-save-behavior to nil.

Set auth-source-debug to t to debug messages.

Note that auth-source.el is not used for ftp connections, because TRAMP passes the work to Ange FTP. If you want, for example, use your ~/.authinfo.gpg authentication file, you must customize ange-ftp-netrc-filename: 

(customize-set-variable 'ange-ftp-netrc-filename "~/.authinfo.gpg")

In case you do not want to use an authentication file for TRAMP passwords, use connection-local variables like this: 

(connection-local-set-profile-variables
 'remote-without-auth-sources '((auth-sources . nil)))



(connection-local-set-profiles
 '(:application tramp) 'remote-without-auth-sources)

4.13.2 Caching passwords

TRAMP can cache passwords as entered and reuse when needed for the same user or host name independent of the access method.

password-cache-expiry sets the duration (in seconds) the passwords are remembered. Passwords are never saved permanently nor can they extend beyond the lifetime of the current Emacs session. Set password-cache-expiry to nil to disable expiration.

Set password-cache to nil to disable password caching.

Next: Reusing connection related information, Previous: Selecting config files for user/host name completion, Up: Configuring TRAMP   [Contents][Index]