Usually when I have emacs running on a remote machine, I do this as
a subprocess of ssh-agent. Then when I establish ssh connections
via tramp, I want to make sure that I type my password only once via
ssh-add. What is the cleanest way to do that? Is there some support
from tramp for that? Right now, my home-made solution uses a
defadvice for tramp-open-connection-rsh, see the code below.
However, if tramp-open-connection-rsh is the right entry point for
what I want to do, it seems to me that a hook might be helpful. Or
am I missing something else?

Thanks,

Roland

(defun ssh-add-p ()
"Return t if ssh identities known."
(with-temp-buffer
(call-process "/usr/bin/ssh-add" nil t nil "-l")
(goto-char (point-min))
(not (search-forward "The agent has no identities." nil t))))

Roland Winkler writes:

Hi,

I wouldn't do it this way:

- You advice tramp-open-connection-rsh, a function of Tramp 2.0. It
doesn't exist anymore in Tramp 2.1, so you solution isn't future safe.

- I believe that calling ssh-add on-the-fly is not the intended way. You
should call it, before you run emacs "as a subprocess of ssh-agent" on
the remote machine.

- Tramp supports password caching on its own. Install password.el in
your own lisp directory. You could download it from <http://cvs.savannah.gnu.org/viewvc/*checkout*/tramp/contrib/password.el?revision=1.1.2.1&root=tramp&pathrev=branch-2-0-stable>.

Michael Albinus writes:

Of course I can run ssh-add before starting emacs. The reason I
didn't want to do that is that not all of these emacs sessions need
ssh at all. So I do not want to type a passphrase that is not needed.
That's why I said that if tramp had a (documented) hook that is
intended to be used for such kind of thing, I would definitely
prefer to use it.

Roland Winkler writes:

Tramp 2.0 does not offer such a hook. Tramp 2.1 has two hooks, but they
might not be suited for your needs.

Best regards, Michael.

On Sun Mar 30 2008 Michael Albinus wrote:

Would you be able to add one? I know at least one person who would
greatly appreciate it. :-)
And if its purpose (one of its possible purposes) was properly
documented, I could well imagine that more people would like to use
it.

(I know that tramp is intended to provide a general scheme for file
transfer. Are there other schemes besides beside ssh that use an
agent like ssh? Gpg comes with an agent. But I guess that this is a
different story.)

Thanks,

Roland

"Roland Winkler" writes:

Not for Tramp 2.0. It doesn't see new features; just bug fixes will be
provided for it.

There are also plink/pscp, which use pageant as agent. All of them from
the PuTTY package.

On Sun Mar 30 2008 Michael Albinus wrote:

That's a very good point. With more programs using a similar
approach, it would be nice if this could be done in a coherent way.
(Personally, I do not know anything about Gnome and KDE.)

"Roland Winkler" writes:

Run Forrest, Run!

Best regards, Michael.

"Roland Winkler" writes:

gpg agent is similar to ssh-agent, but for gpg keys. I'm assuming that
if your security concious, your connectinig to the remote system via ssh
already, so I don't see any difference in typing the passphrase into
ssh-add prior to starting emacs compated to typing it in emacs itself.

Tim X writes:

D'accord. But Roland has the use case to run Emacs on a remote
host. He even doesn't start ssh-agent there, which would do the job.

Best regards, Michael.