How can I edit files on my remote host using my local Emacs when I can access the remote host only through SSH with public key authentication? Tramp handles normal password logins pretty well but I can't figure out how to get it work with key pairs. I'm using unix/linux on both ends.
There is no TRAMP equivalent to ssh user#host -i private-key.pem. However, if you run the shell command ssh-add private-key.pem, then ssh (and thus TRAMP) will automatically use private-key.pem for authentication. Simply ssh user#host will work on the shell, and opening the file /user#host:~/filename.txt will work in emacs, without it prompting for a password.
I don't get your question as Tramp works perfectly well with public-key authenticated SSH connections.
For instance, assuming you have set the following config in ~/.ssh/config:
Host remotehost
User mylogin
Port 22
Hostname remotehost.fqdn
and assuming that you can run ssh remotehost correctly in a terminal, then you are able to open your remote file using TRAMP C-x C-f /remotehost:path/to/file
If you are on Windows you can use plink with tramp easily. You have to make sure the plink binary is in your path and have to customize the variable (M-x customize-option) tramp-default-method to plink which combined with pageant would get you what you want.
I let you read the putty home page how to configure pageant to add your key.
There is the method plinkx as well which use the profile name so when you do a :
C-x C-f /putty_profile:
It will get the putty_profile from your putty saved profile name.
If you are using Linux usually modern distros should have the gnome keyring (named as well seahorse) starting X with a global SSH agent. Example on my debian distro :
chmouel#lutece:~$ ps aux|grep ssh-agent
chmouel 2917 0.0 0.0 4904 552 ? Ss Aug30 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/seahorse-agent --execute x-session-manager
if you do a ssh-add (making sure you have identity in your ~/.ssh properly configured) it should request for your password and identify for all your X session.
If it does not happen you probably have a problem somewhere else in your distro.
Related
I have connected to a remote Ubuntu host from Windows using VS Code and using it for remote development. Often times I open different code repositories in VS Code but every time I have to open a different folder despite having the connection established the VS Code ask for password.
It seems that once we are commented to a remote host then successive opening of different folder from same host should not prompt for password.
Is there any setting I am missing or should do to resolve this or save password.
I'm assuming you're connecting to an ssh remote.
There are two ways to authenticate an ssh connection, via password and via public/private key. When using the latter you don't need to enter the password each time.
To use the public/private keys here's what you have to do:
You first need a pair (public/private) of ssh keys. On windows you can use ssh-keygen to generate them for you and put them in the default ssh config folder ( ~/.ssh/)
You then have to configure the remote server to allow your ssh key, you can do this in two ways:
with the ssh-copy-id command if available (I think on windows it's not there, but you can try)
by manually add your public key (~/.ssh/id_rsa.pub) to the.ssh/authorized_keys file on the host machine
Here's a link to know more about passwordless logins via ssh: https://www.redhat.com/sysadmin/passwordless-ssh
Open git bash on Windows
cd .ssh
ssh-copy-id -i id_ed25519.pub your-username#your-server
I found a related thread that describes how to login to a remote server using sshpass:
sshpass -p '<password>' <ssh/scp command>
How can logging in with password be accomplished in Emacs / Tramp?
I presently use the following and then enter the password manually:
C-x C-f /ssh:user#server:/home/user/public_html/
I have the following function, that I access from my right-click context pop-up menu:
(defun lawlist-remote-server-login ()
(interactive)
(find-file "/ssh:user#server:/home/user/public_html/"))
If you're simply trying to avoid typing your password, but you don't want to use SSH keys, you can use an authentication file.
From the TRAMP user manual:
4.12.1 Using an authentication file
The package auth-source.el, originally developed in No Gnus, offers
the possibility to read passwords from a file, like FTP does it from
~/.netrc. The default authentication file is ~/.authinfo.gpg, this can
be changed via the variable auth-sources.
A typical entry in the authentication file would be
machine melancholia port scp login daniel password geheim
The port can be any tramp method (see Inline methods, see External
methods), to match only this method. When you omit the port, you match
all tramp methods.
In case of problems, setting auth-source-debug to t gives useful debug
messages.
Edit:
The specific code that worked for the OP without requiring GnuPG is reproduced below.
Emacs configuration:
(setq auth-sources '("/Users/HOME/.0.data/.0.emacs/.authinfo"))
And in the .authinfo file identified above:
machine 12.34.56.789 login lawlist password 12345678 port ssh
I am running graphical Emacs 24.3.1 (this problem exists when using the console version as well) on Arch Linux. I am trying to use TRAMP to open files on a remote Fedora system by SSH with a private key which requires a password. Authentication works fine, and so does the listing of files. When I do try to open a file, my Emacs session hangs with "Tramp: Inserting `/{filename I'm trying to open}' ...done". It is not possible to abort with ESC ESC ESC or C-g. Does anyone have a solution to this?
Emacs 24 normally works very well with Tramp. What you might need is ControlMasterAuto in your .ssh/config file. This will ensure that the ssh connection information passes seamlessly to Emacs. This will also ensure that you only need to login once in a terminal and use multiple emacs frames in tramp mode. I have detailed the following steps
(1) Go to your .ssh/config file and add the following options
Host <hostname>
ControlMaster auto
ControlPath ~/.ssh/%r#%h:%p
ServerAliveCountMax=30
ServerAliveInterval=5
(2) Now login to the remote host through terminal.
(3) Open emacs frame and try opening the remote files through tramp (/ssh:). You must be able to connect to the remote host.
The above steps should work even for a two level authentication (using a rsa key +password).
This thread is old - however, a very similar problem on my FC22 laptop (tramp hanging when trying to type a colon following /su in the minibuffer) appears to be fixed by commenting the ::1 line in /etc/hosts.
I think this is very basic question in using tramp, but it doesn't work for me.
I have my ~/.ssh/config file that points to my amazon ec2 machine
Host amazon
Hostname xxxx.amazonaws.com
Port yyy
User me
IdentityFile ~/.ssh/ubuntu
ForwardAgent yes
I can easily do ssh amazon from my terminal and I go to amazon ec2 (so my config is right), but in emacs
I do:
C-x C-f /ssh1:amazon:
I always get this error
In Aquamacs:
Process *tramp/ssh1 amz* exited abnormally with code 255
In Emacs:
tramp: Opening connection at amz using ssh1...
tramp: Waiting for prompts from remote shell
tramp: Waiting 60s for prompt from remote shell
tramp-process-actions: Login failed
I also have other ssh configurations that they ssh to my virtual boxes on my local machine and they have the same problem.
I really appreciate any help.
One thing that's worth trying is using the sshx connection method. That makes tramp try to avoid any non-standard shell configuration on the remote host.
Like this:
C-x C-f /sshx:amazon:
The tramp method ssh1 forces ssh to be run in ssh v1 protocol mode with the parameter -1. ssh v1 has known weaknesses and is insecure. Hence a lot of sites disable the ssh v1 protocol.
You can verify this from the shell with ssh -1 me#xxxx.amazonaws.com.
Try other tramp connection methods like ssh, sftp or scpx. You can see all pre-configured connection methods with C-h v tramp-methods.
If Moritz Bunkus's answer doesn't solve the issue, then you can configure the verbosity of tramp's output with
M-x customize-variable RET tramp-verbose RET
In particular, level 6 is "sent and received strings" which might help you to determine whether the "Waiting for prompts from remote shell" is because it isn't receiving a prompt pattern that it recognises, or because of some more critical failure.
If it's simply receiving a prompt it doesn't recognise, then you might look at customizing the tramp-login-prompt-regexp or tramp-shell-prompt-pattern variables.
(Of course if your ssh agent is working correctly, then login prompts shouldn't be relevant.)
If you're running Emacs in Windows, then also see these Q&As:
Emacs: Tramp doesn't work
Using tramp with EmacsW32 and cygwin, possible?
I have only one user (say "goodk") that can accept SSH connections. So, I am not able to use Tramp to edit files which are accessible to other users than the one that accepts SSH connection. How can I achieve this?
How I do this currently:
I use terminal. From terminal I login to user "goodk". Then I switch user using su or sudo.
Have you checked:
How can I use Emacs Tramp to double hop ssh?
or
http://jeremy.zawodny.com/blog/archives/000983.html
or
http://codesnippets.joyent.com/posts/show/366
To the remote server the files are being read/written by the user that connects via ssh. If the files to be modified are owned by a different user then they will need to be readable/writable by the ssh user.