Next: Reusing connection related information, Previous: Selecting config files for user/host name completion, Up: Configuring TRAMP [Contents][Index]
To avoid repeated prompts for passwords, consider native caching
mechanisms, such as
ssh-agent for ssh-like
pageant for plink-like methods.
TRAMP offers alternatives when native solutions cannot meet the need.
The package auth-source.el, originally developed for No Gnus,
reads passwords from different sources, See (auth)auth-source. The default authentication file is
~/.authinfo.gpg, but this can be changed via the user option
A typical entry in the authentication file:
machine melancholia port scp login daniel password geheim
The port can take any TRAMP method (see Inline methods, see External methods). Omitting port values matches all TRAMP methods. Domain and ports, as used in TRAMP file name syntax, must be appended to the machine and login items:
machine melancholia#4711 port davs login daniel%BIZARRE password geheim
If no proper entry exists, the password is read
interactively. After successful login (verification of the password),
Emacs offers to save a corresponding entry for further use by
auth-source backends which support this. This can be changed
by setting the user option
t to debug messages.
Note that auth-source.el is not used for ftp
connections, because TRAMP passes the work to Ange FTP. If
you want, for example, use your ~/.authinfo.gpg authentication
file, you must customize
(customize-set-variable 'ange-ftp-netrc-filename "~/.authinfo.gpg")
In case you do not want to use an authentication file for TRAMP passwords, use connection-local variables like this:
(connection-local-set-profile-variables 'remote-without-auth-sources '((auth-sources . nil)))
(connection-local-set-profiles '(:application tramp) 'remote-without-auth-sources)
TRAMP can cache passwords as entered and reuse when needed for the same user or host name independent of the access method.
password-cache-expiry sets the duration (in seconds) the
passwords are remembered. Passwords are never saved permanently nor
can they extend beyond the lifetime of the current Emacs session. Set
nil to disable expiration.
nil to disable password caching.