From: Roland Winkler
Newsgroups: gmane.emacs.help
Subject: Re: tramp and ssh-agent / ssh-add
Date: Sun, 30 Mar 2008 14:28:01 +0200
Organization: FAU Erlangen-Nuernberg
To: help-gnu-emacs@gnu.org

Michael Albinus writes:

> I wouldn't do it this way:
>
> - You advise tramp-open-connection-rsh, a function of Tramp 2.0. It
>   doesn't exist anymore in Tramp 2.1, so your solution isn't future safe.
>
> - I believe that calling ssh-add on-the-fly is not the intended way. You
>   should call it, before you run emacs "as a subprocess of ssh-agent" on
>   the remote machine.

Of course I can run ssh-add before starting emacs. The reason I didn't want to do that is that not all of these emacs sessions need ssh at all. So I do not want to type a passphrase that is not needed. That's why I said that if tramp had a (documented) hook that is intended to be used for such kind of thing, I would definitely prefer to use it.

> - Tramp supports password caching on its own. Install password.el in
>   your own lisp directory. You could download it from .

From a security point of view this goes beyond my knowledge. I know that I need to trust ssh that it handles the passphrases in a safe way. (And I believe that ssh-agent / ssh-add does not cache the passphrase itself, but it uses some other method.) When I have another layer that is actually caching passwords, I feel uncomfortable that one day something could go wrong. Or do I misunderstand the approach used by password.el?

Roland