help-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tramp and ssh-agent / ssh-add

From: Roland Winkler
Subject: Re: tramp and ssh-agent / ssh-add
Date: Sun, 30 Mar 2008 14:28:01 +0200
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux) 
Michael Albinus <michael.albinus@gmx.de> writes:
> I wouldn't do it this way:
>
> - You advice tramp-open-connection-rsh, a function of Tramp 2.0. It
>   doesn't exist anymore in Tramp 2.1, so you solution isn't future safe.
>
> - I believe that calling ssh-add on-the-fly is not the intended way. You
>   should call it, before you run emacs "as a subprocess of ssh-agent" on
>   the remote machine.

Of course I can run ssh-add before starting emacs. The reason I
didn't want to do that is that not all of these emacs sessions need
ssh at all. So I do not want to type a passphrase that is not needed.
That's why I said that if tramp had a (documented) hook that is
intended to be used for such kind of thing, I would definitely
prefer to use it.

> - Tramp supports password caching on its own. Install password.el in
>   your own lisp directory. You could download it from 
> <http://cvs.savannah.gnu.org/viewvc/*checkout*/tramp/contrib/password.el?revision=1.1.2.1&root=tramp&pathrev=branch-2-0-stable>.

>From a security point of view this goes beyond my knowledge. I know
that I need to trust ssh that it handles the passphrases in a safe
way. (And I believe that ssh-agent /ssh-add does not cache the
passphrase itself, but it uses some other method.) When I have
another layer that is actually caching passwords, I feel
uncomfortable that one day something could go wrong. Or do I
misunderstand the approach used by password.el?

Roland
reply via email to
[Prev in Thread] Current Thread [Next in Thread]