1. 38

  2. 3

    Great article! I’d also mention that magit works transparently with tramp so you can take advantage of magit’s awesomeness on remote machines.

    1. 5

      You make it sound like it’s a feature that was intentionally built in, but what makes TRAMP great is that it’s transparently built in between buffer and file access, meaning that all halfway good Elisp code (eg. also eshell, compile, …) can employ TRAMP without having to worry about it.

      1. 1

        Sadly, gdb in the GUD does not work quite right. I can run M-x gdb just fine, but the file references do not work properly (and there are some complaints about the terminal from GDB). I suspect I’ll have to fiddle with the source locations to get it to work, if it will work at all.

      2. 2

        Also Dired, which means also Sunrise Commander, which is an orthodox two-pane file manager. Now you can have both panes show any combination of remote and local directories, and manipulate files between them as if everything was local.

        It’s a rather slow for big transfers and/or many files, but for smaller operations it is insanely convenient.

      3. 2

        If you are going to use TRAMP, I highly recommend something akin to this near the start of your shell rc file:

        [[ "${TERM}" == dumb ]] && PS1='$ ' && return

        This way TRAMP has fewer chances to run into any odd interactive settings that generally don’t play well with it and it will easily recognize the prompt (it will just hang if these things aren’t set correctly). In my case, with zsh, I added unsetopt zle in there as well. TRAMP is sensitive to all this because it basically logs in to access files. Using some sort of remote file access API would be nice, but *nix seems to have nothing useful for that, so relying on tenuous shell access settings is the name of the game.

        1. 2

          Using some sort of remote file access API would be nice, but *nix seems to have nothing useful for that.

          Not sure I follow. scp avoids all the issues with prompts. Looks like you can have emacs use it in preference to ssh. https://www.gnu.org/software/emacs/manual/html_node/tramp/External-methods.html

          1. 2

            The issue with that (when I used it more frequently a couple years ago) is that scp will log in anew everytime you save a file. That will make the saving progress take quite some time. When you’re used to hitting C-x C-s every once in a while, this can easily become annoying.

            1. 1

              All I can tell you is that neither scp nor ssh worked until I did what I stated for the shell. When I typed C-x C-f /scp:host:/ Emacs just sat there, unresponsive. After I changed the remote shell rc file, all was fine.

          2. 2

            I use SSH and TRAMP quite a lot to access a GPU cluster at the university. The cluster is managed by the IT-admins, and for some reason they’ve decided to disallow ~/.ssh/authorized_keys to work properly. Frustrated by having to input my randomly generated 20 character long password dozens of times per day, I recently found out about auth-source.el, which let’s you hard-code the password for a given host so that you don’t need to input it through TRAMP all the time.

            Now, I have the following in ~/.emacs.d/authinfo:

            machine remote_server_name login my_username password my_password port ssh

            and a simple addition to my .emacs:

            (setq auth-sources '("/home/munksgaard/.emacs.d/authinfo"))

            Of course, this is horribly insecure, and really quite silly, but in this case convenience wins over security.

            I have yet to find a similar solution for regular ssh in the terminal. sshpass seems quite finicky for some reason.

            1. 5

              Emacs has built in encryption support for all files, including its authinfo files. C-x C-w your authinfo to /home/munksgaard/.emacs.d/authinfo.gpg and source that instead, and when you try to access something Emacs should ask you for the decryption password.

              I’ve only used this for email information so ymmv, but I don’t see why it shouldn’t work.

              1. 1

                That’s very helpful indeed, thank you!

                1. 2

                  Nææh, en DIKUfant?

                  Get a hold of a hardware key like Yubikey and this solution gets even more awesome. With one of those you can store your GPG key in hardware, and set up the Yubikey so that decryption/signing requires you to touch a button on the fob.

                  You can derive an SSH key from your GPG key, drop that into ~/.ssh/authorized_keys and now all SSH access will require a touch. This way you can avoid the security issues with having your SSH private key in an unlocked keyring/ssh-agent, as an attacker will need to have physical access to your computer to be able to decrypt files/SSH. It also works with gpg-agent/ssh-agent forwarding.

                  1. 1

                    I’ve been considering it for a while, but I’m confused about which model to choose, and how to know if it interacts well with my Linux install. But I guess I’ll have to investigate more.

                    1. 2

                      I’ve used it on Linux for some 3-4 years now, works great. I’m currently using a YubiKey 4 series (full size USB A) and a YubiKey 5 (small size, USB A; permanently occupying a port in my laptop).

                      1. 1

                        Any idea if it works with fully-free distros? I’ve been looking into them as a better way to manage my keys, but don’t want to spend the money if it’s not definitely going to work. Also if you know of any blog posts about people’s experience please slide them my way; I’ve struggled to find many from Linux-y individuals (as opposed to mainstream Windows-oriented tech sites).

                        1. 1

                          Yes, everything is free as in libre. Works just fine on Debian. The Yubikey implements a smartcard and also works as a USB HID (for HOTP/U2F).

            2. 1

              Really appreciated the docker trick!