Password handling - TRAMP User Manual

Next: Connection caching, Previous: Customizing Completion, Up: Configuration

4.12 Reusing passwords for several connections.

Sometimes it is necessary to connect to the same remote host several times. Reentering passwords again and again would be annoying, when the chosen method does not support access without password prompt through own configuration.

The best recommendation is to use the method's own mechanism for password handling. Consider ssh-agent for ssh-like methods, or pageant for plink-like methods.

However, if you cannot apply such native password handling, tramp offers altenatives.

4.12.1 Using an authentication file

The package auth-source.el, originally developed in No Gnus, offers the possibility to read passwords from a file, like FTP does it from ~/.netrc. The default authentication file is ~/.authinfo.gpg, this can be changed via the variable auth-sources.

A typical entry in the authentication file would be

     machine melancholia port scp login daniel password geheim

The port can be any tramp method (see Inline methods, see External methods), to match only this method. When you omit the port, you match all tramp methods.

A special case are imap-like methods. Authentication with the IMAP server is performed via imap.el, there is no special need from tramp point of view. An additional passphrase, used for symmetric encryption and decryption of the stored messages, should be given with the special port indication tramp-imap:

     machine melancholia port tramp-imap login daniel password ultrageheim

4.12.2 Caching passwords

If there is no authentication file, tramp caches the passwords entered by you. They will be reused next time if a connection needs them for the same user name and host name, independently of the connection method.

Passwords are not saved permanently, that means the password caching is limited to the lifetime of your GNU Emacs session. You can influence the lifetime of password caching by customizing the variable password-cache-expiry. The value is the number of seconds how long passwords are cached. Setting it to nil disables the expiration.

If you don't like this feature for security reasons, password caching can be disabled totally by customizing the variable password-cache (setting it to nil).

Implementation Note: password caching is based on the package password-cache.el. For the time being, it is activated only when this package is seen in the load-path while loading tramp.