Emacs Tramp ssh double hop - emacs

Could somebody please help me setup Emacs Tramp to do a double hop?
I want to work on machine2.abc.def.edu to which I can connect only through machine1.abc.def.edu. My username is myname, the same on both machines.
I've tried to add this to .emacs:
(add-to-list 'tramp-default-proxies-alist
             '("\\`machine2\\.abc\\.def\\.edu\\'"
               "\\`myname\\'"
               "/ssh:machine1\\.abc\\.def\\.edu:"))
This is my best guess interpretation of what's in the manual. Then I do:
C-x C-f /ssh:machine2.abc.def.edu
or:
C-x C-f /ssh:rsuhada@machine2.abc.def.edu
But both give:
ssh: Could not resolve hostname ssh: nodename nor servname provided, or not known
Process *tramp/scpc ssh* exited abnormally with code 255
And my Aquamacs can't be quit and has to be killed from the shell... There is a 2-year-old thread here with the same question. I've tried the answer from there:
(add-to-list 'tramp-default-proxies-alist
             '("machine2.abc.def.edu"
               nil
               "/ssh:myname@machine1.abc.def.edu:"))
With the same results... also for all combinations I could come up with... Remote editing on machine1.abc.def.edu works fine, though.

The answer is to use the ssh_proxy command available in ssh_config. Documented here and here. Basically you create a config file in your ssh folder that you can write shortcuts in. One of your shortcuts is to use a proxy through another end point. All of your shortcuts work for any tool that uses ssh including git and emacs.
Host endpoint2
    User myusername
    HostName mysite.com
    Port 3000
    ProxyCommand ssh endpoint1 nc -w300 %h %p
Host endpoint1
    User somename
    HostName otherdomainorip.com
    Port 6893
In this example running ssh endpoint2 will automatically hop through endpoint1.

Okay, let's try something different then, without opening a tunnel. How about the following in your .emacs file:
(add-to-list 'tramp-default-proxies-alist
             '("\\`machine2\\'"
               nil
               "/ssh:%u@machine1.abc.def.edu:"))
This is different from the code you found in the forum post in two points:
- it adds ticks around the target host name (Emacs regexp syntax to avoid matching partial names)
- it uses only the subdomain name in the target host (you reported in a comment below that you cannot ssh to machine2 when you use the full domain name)
Does that help when you try to access a file on machine2?

Set up an ssh tunnel from machine1 to machine2 (assuming that sshd runs on port 22 on machine2):
machine1.abc.def.edu> ssh -f -N -L 2222:localhost:22 machine2.abc.def.edu
Then either connect to machine2 from Emacs like this:
/ssh:machine1.abc.def.edu#2222
or add the following line to your .emacs:
(add-to-list 'tramp-default-proxies-alist
'("\\`machine2\\.abc\\.def\\.edu\\'" nil
"/tunnel:machine1.abc.def.edu#2222:"))
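To check which bastion a target will be routed through before any connection is opened, the helper below walks proxy entries like the ones in the answers above. It is an added example, not code from the original posts or from Tramp: `my/tramp-explain-hops` is a hypothetical name, and the lookup is a simplified model of Tramp's behaviour (assumption).

```elisp
;; Added example: a simplified model of Tramp's proxy lookup.
;; `my/tramp-explain-hops' is a hypothetical helper, not part of Tramp.
(require 'tramp)
(require 'seq)
(require 'format-spec)

(defun my/tramp-explain-hops (user host &optional alist)
  "Return the proxies chained for USER at HOST, first hop first.
Entries come from ALIST or `tramp-default-proxies-alist'.  As in Tramp,
the first entry whose host and user regexps both match wins, nil
matches anything, and %u / %h in the proxy expand to USER and HOST."
  (let ((entries (or alist tramp-default-proxies-alist))
        (budget 10)                     ; guard against looping entries
        hops)
    (catch 'done
      (while t
        (when (< (setq budget (1- budget)) 0)
          (error "Proxy entries loop; anchor the user or host regexp"))
        (let* ((hit (seq-find
                     (lambda (e)
                       (and (string-match-p (or (eval (nth 0 e) t) "")
                                            (or host ""))
                            (string-match-p (or (eval (nth 1 e) t) "")
                                            (or user ""))))
                     entries))
               (proxy (and hit (eval (nth 2 hit) t))))
          ;; No match, or a nil proxy, ends the chain.
          (unless proxy (throw 'done hops))
          (setq proxy (format-spec proxy
                                   (format-spec-make ?u (or user "")
                                                     ?h (or host ""))))
          (push proxy hops)
          ;; The proxy itself may need a proxy: look it up next.
          (let ((vec (tramp-dissect-file-name proxy)))
            (setq user (tramp-file-name-user vec)
                  host (tramp-file-name-host vec))))))))

;; Constructed check using the anchored entry from the answer above;
;; evaluate with C-x C-e to see the hop list in the echo area.
(my/tramp-explain-hops
 "myname" "machine2"
 '(("\\`machine2\\'" nil "/ssh:%u@machine1.abc.def.edu:")))
```

Called without the third argument, it inspects the live `tramp-default-proxies-alist`, which also exposes entries added dynamically by ad-hoc multi-hops.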

Related

tramp mode will not work (ssh cannot resolve hostname)?

Earlier this week I tried ssh'ing into my lab machine (as I do very frequently) via tramp mode (ubuntu 14.04) and now it seems to not work out of the blue. I have tried checking all folder permissions, that ssh actually works (in terminal, even nested in emacs). However, it still will not connect me. I see the connection in my .ssh file so I am not sure what the issue is. Any ideas? This is killing my productivity since I would much rather tramp in vs git everything.
######### from C-x C-f ssh:user@host...etc (which has always worked in the past) #######
ssh: Could not resolve hostname ssh: Name or service not known
########## from *Messages buffer* #####################
Tramp: Opening connection for ssh using scp...
Tramp: Sending command `exec ssh -e none ssh'
Tramp: Waiting for prompts from remote shell
Tramp: Sending command `exec ssh -e none ssh'
Tramp: Opening connection for ssh using scp...done
byte-code: Process died
side note: I did start having pop-ups w/ system program problem detected but the ONLY thing in the /var/crash folder is a virtual box issue so I can't imagine that could be it. (Can I purge emacs and grab my config again and solve it that way?)
The error message clearly indicates that you are doing C-x C-f /ssh:user@host/path/to/file. A colon is missing after host. Pls open this like C-x C-f /ssh:user@host:/path/to/file.

How to use tramp with corkscrew to access remote clusters?

My computer network is closed to ssh to external machines (outside the network) through port 22. I have a roundabout by tunneling ssh through http by employing corkscrew. I modified my config file in the following fashion
Host EXTERNAL-HOSTNAME
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
    ServerAliveCountMax=30
    ServerAliveInterval=5
    ProxyCommand corkscrew LOCAL-PROXYNAME PROXY-PORT-NO %h %p
How can I now use tramp to access the files in the remote cluster? The regular command /ssh:username@EXTERNAL-HOSTNAME fails to open the file.
UPDATE 1:
My proxy does not use the default 8080 port but a different port number. So using
/tunnel:PROXY-HOSTNAME PROXY-PORT-NO | ssh:USERNAME@EXTERNAL-HOSTNAME:~/
gave me the following error
Tramp: Opening connection for tunnel using scp...
Tramp: Sending command `exec ssh -o ControlPath=/var/folders/k5/r4f1q8j90y345rsz_9skc7y48q0jr6/T/tramp.15685eSq.%r@%h:%p -o ControlMaster=auto -o ControlPersist=no -e none tunnel'
Tramp: Waiting for prompts from remote shell...
Tramp failed to connect. If this happens repeatedly, try `M-x tramp-cleanup-this-connection'
Tramp: Waiting for prompts from remote shell...failed
Tramp: Opening connection for tunnel using scp...failed
Use M-x make-directory RET RET to create the directory and its parents
Tramp: Checking `vc-registered' for /tunnel:PROXY-HOSTNAME PROXY-PORT-NO | ssh:USERNAME@EXTERNAL-HOSTNAME:~/...failed
Use M-x make-directory RET RET to create the directory and its parents
Mark set
UPDATE 2:
It worked. The only problem was I was not entering the port-no correctly. Now I just used
/tunnel:PROXY-HOSTNAME#PROXY-PORT-NO|ssh:USERNAME@EXTERNAL-HOSTNAME:~/
and it worked.
I don't know corkscrew so I cannot answer for this. However, Tramp is able to tunnel http on its own. Try to open /tunnel:LOCAL-PROXYNAME|ssh:username@EXTERNAL-HOSTNAME. The proxy command shall be removed from your ssh config, of course.

How to use sshpass when logging in to remote server with Emacs / Tramp

I found a related thread that describes how to login to a remote server using sshpass:
sshpass -p '<password>' <ssh/scp command>
How can logging in with password be accomplished in Emacs / Tramp?
I presently use the following and then enter the password manually:
C-x C-f /ssh:user@server:/home/user/public_html/
I have the following function, that I access from my right-click context pop-up menu:
(defun lawlist-remote-server-login ()
  (interactive)
  (find-file "/ssh:user@server:/home/user/public_html/"))
If you're simply trying to avoid typing your password, but you don't want to use SSH keys, you can use an authentication file.
From the TRAMP user manual:
4.12.1 Using an authentication file
The package auth-source.el, originally developed in No Gnus, offers
the possibility to read passwords from a file, like FTP does it from
~/.netrc. The default authentication file is ~/.authinfo.gpg, this can
be changed via the variable auth-sources.
A typical entry in the authentication file would be
machine melancholia port scp login daniel password geheim
The port can be any tramp method (see Inline methods, see External
methods), to match only this method. When you omit the port, you match
all tramp methods.
In case of problems, setting auth-source-debug to t gives useful debug
messages.
Edit:
The specific code that worked for the OP without requiring GnuPG is reproduced below.
Emacs configuration:
(setq auth-sources '("/Users/HOME/.0.data/.0.emacs/.authinfo"))
And in the .authinfo file identified above:
machine 12.34.56.789 login lawlist password 12345678 port ssh

Tramp mode in emacs using ssh config

I think this is very basic question in using tramp, but it doesn't work for me.
I have my ~/.ssh/config file that points to my amazon ec2 machine
Host amazon
    Hostname xxxx.amazonaws.com
    Port yyy
    User me
    IdentityFile ~/.ssh/ubuntu
    ForwardAgent yes
I can easily do ssh amazon from my terminal and I go to amazon ec2 (so my config is right), but in emacs
I do:
C-x C-f /ssh1:amazon:
I always get this error
In Aquamacs:
Process *tramp/ssh1 amz* exited abnormally with code 255
In Emacs:
tramp: Opening connection at amz using ssh1...
tramp: Waiting for prompts from remote shell
tramp: Waiting 60s for prompt from remote shell
tramp-process-actions: Login failed
I also have other ssh configurations that they ssh to my virtual boxes on my local machine and they have the same problem.
I really appreciate any help.
One thing that's worth trying is using the sshx connection method. That makes tramp try to avoid any non-standard shell configuration on the remote host.
Like this:
C-x C-f /sshx:amazon:
The tramp method ssh1 forces ssh to be run in ssh v1 protocol mode with the parameter -1. ssh v1 has known weaknesses and is insecure. Hence a lot of sites disable the ssh v1 protocol.
You can verify this from the shell with ssh -1 me@xxxx.amazonaws.com.
Try other tramp connection methods like ssh, sftp or scpx. You can see all pre-configured connection methods with C-h v tramp-methods.
If Moritz Bunkus's answer doesn't solve the issue, then you can configure the verbosity of tramp's output with
M-x customize-variable RET tramp-verbose RET
In particular, level 6 is "sent and received strings" which might help you to determine whether the "Waiting for prompts from remote shell" is because it isn't receiving a prompt pattern that it recognises, or because of some more critical failure.
If it's simply receiving a prompt it doesn't recognise, then you might look at customizing the tramp-login-prompt-regexp or tramp-shell-prompt-pattern variables.
(Of course if your ssh agent is working correctly, then login prompts shouldn't be relevant.)
If you're running Emacs in Windows, then also see these Q&As:
Emacs: Tramp doesn't work
Using tramp with EmacsW32 and cygwin, possible?

Open file via SSH and Sudo with Emacs

I want to open a file inside Emacs which is located on a remote server, with sudo powers on the server. I can open local files with sudo via Tramp like this:
C-x C-f /sudo::/home/user/file
But I want to use sudo on the server:
C-x C-f /sudo::user@server/home/user/file
But this gives me sudo powers on my local machine, it asks for my sudo password on the local machine. Is there a way to use sudo on the server?
BTW: Emacs is not installed on the server
As of Emacs 24.3, an analog of the old multi: syntax has been layered on top of the modern tramp-default-proxies-alist approach, meaning that you can once again perform multi-hops without any prior configuration. For details, see:
C-h i g (tramp)Ad-hoc multi-hops RET
With the new syntax, each 'hop' is separated by |. The example in the manual is:
C-x C-f /ssh:bird@bastion|ssh:you@remotehost:/path RET
Which connects firstly as bird@bastion, and from there to you@remotehost:/path
/su: or /sudo: on remote hosts
You can also use this syntax to sudo/su to root (or of course any other user) on a remote host:
C-x C-f /ssh:you@remotehost|sudo:remotehost:/path/to/file RET
Important: be sure to specify the hostname explicitly: sudo:remotehost: rather than sudo:: (see below).
As this still uses the proxy mechanism underneath, tramp-default-proxies-alist should now include the value ("remotehost" "root" "/ssh:you@remotehost:")
Meaning that the proxy /ssh:you@remotehost: is going to be used whenever you request a file as root@remotehost.
root is the default user for these methods, but you can of course also change to a non-root user with:
C-x C-f /ssh:you@remotehost|sudo:them@remotehost:/path/to/file RET
Always specify the remote hostname explicitly
You are probably used to using sudo:: or su:: and omitting the hostname. If you are staying on the localhost then this is still fine, but if you are hopping to a remote server then you must specify the hostname for every hop -- even if it is the same as for the previous hop. Always use sudo:hostname: or su:hostname: with remote hosts.
The trap here is that sudo:: does actually appear to work -- however when you do that the HOST for the dynamic proxy entry will be the hostname you originated from rather than the host you connected to. This will not only look confusing (as the wrong host will be displayed in the file paths), but it will also mean that any subsequent attempt to use sudo:: on your localhost will instead be proxied to the remote server! (and the proxy would also presumably be clobbered if you did the same thing on a second server, causing further issues).
In short, don't use :: when you multi-hop!
Emacs 27+
Starting from Emacs 27.1 (or Tramp 2.4.2, if using the GNU ELPA package) the :: case works intuitively, such that /ssh:you@remotehost|sudo:: will re-use remotehost rather than your own local host, and so you won't end up with a bad proxy entry.
In addition, the likes of /ssh:you@remotehost|sudo:localhost: are detected and flagged as user errors.
If you are liable to use a mixture of Emacs versions including versions earlier than 27 (or you are advising someone else who may be using an older version), then it would be safest to continue to treat :: as unsafe when multi-hopping, to avoid potential mishap. (I.e. specifying the correct remote host explicitly will remain the safest approach if the Tramp version is unknown.)
Update: Although this answer solved the original problem, it was written for emacs 20 or 21. For emacs 24, I recommend you use phils's answer because it offers more explanation and is up to date.
I think multi-hop filenames in tramp is what you're looking for.
The first hop would be ssh and the second would be sudo.
Update: Recent versions of emacs support multiple hops using proxies:
(add-to-list 'tramp-default-proxies-alist '("my-sudo-alias" nil "/ssh:user@ssh-host:"))
Then invoke by opening:
/sudo:my-sudo-alias:file-on-ssh-host
I had some troubles with the selected answer. However, it worked when I added this line to .emacs:
(add-to-list 'tramp-default-proxies-alist '(".*" "\\`root\\'" "/ssh:%h:"))
And then executed the following:
/sudo:ssh-host:file-on-ssh-host
It was slightly confusing because at one point I was prompted for the "root" password, but entering my user's password granted me access. It also universally works on all hosts on the network. Also, I can still do this to not be root:
/ssh:ssh-host:file-on-ssh-host
From the tramp multi-hops configuration webpage
(add-to-list 'tramp-default-proxies-alist
'(nil "\\`root\\'" "/ssh:%h:"))
(add-to-list 'tramp-default-proxies-alist
'((regexp-quote (system-name)) nil nil))
Then any
C-x C-f /sudo:remote-host:/file
will open the file using sudo after logging in with the same username as the user running emacs, but on the remote machine.
You have to ssh into the server first, then you have to run emacs locally.
Or you can use NFS with no_root_squash, or you can try with emacs server/client, although I have no idea of what may happen (do not use emacs myself)