How can I use Emacs Tramp to double hop ssh?

Asked 3/4, 2009 at 21:49 Answered 12/4, 2022 at 12:11

My campus only lets ssh access through a gateway server. So to access the cluster I am coding on I have to ssh to the gateway and then ssh to the machine I am working on. The connection is very slow at times and is frustrating to work on.

I would love to use something like tramp which I understand would have the buffer open on my local machine and only talk through the network when I save to disk. I am not very familiar with tramp at all and struggling to get it to work, especially through the double hop. The documentation says this is accomplished through defining proxies in tramp, but I am unable to understand the syntax.

Does anyone know how to use emacs to code through a double hop or have an alternate workaround for editing code through two ssh hops?

Scintillation answered 3/4, 2009 at 21:49 Comment(1)

It might help if you could explain what exactly you don't understand about the documentation: gnu.org/software/tramp/#Multi_002dhops – Huron 4/4, 2009 at 6:31

If you have Emacs 24.3 or later, see Joe's answer for an alternative to the configuration described below. If you'll be using this double hop more than once, it may be worth either modifying tramp-default-proxies-alist as described below, or setting tramp-save-ad-hoc-proxies to t.

If you have Emacs 23.1 or later, then the multi method is no longer supported. You can achieve the same result by configuring "proxies".

In your .emacs config file add the following:

(add-to-list 'tramp-default-proxies-alist
                 '("HOSTB" nil "/ssh:USERA@HOSTA:"))

Where HOSTB is the destination host behind HOSTA.

Then type /ssh:USERB@HOSTB: and emacs will prompt for the HOSTA password then the HOSTB password.

Jonna answered 20/5, 2009 at 15:19 Comment(4)

Any idea why multi has been removed? It was awesome :( – Statement 20/5, 2009 at 15:42

I believe that Tom's pointing out that the functionality is still there, just in a different form. It's sad that it's harder to do it ad-hoc, but it's not gone. – Lyricist 3/6, 2011 at 21:22

In emacs 24 you can use pipes, example: /ssh:bird@bastion|ssh:you@remotehost:/path (see docs: gnu.org/software/tramp/#Ad_002dhoc-multi_002dhops) – Abm 7/5, 2013 at 1:52

can it make one hop authentication with password and another with private key? – Quentinquercetin 2/8, 2019 at 18:44

At least as of Emacs 24 they have a new version of multi you can open paths like this:

   /ssh:bird@bastion|ssh:you@remotehost:/path

I can confirm that this works on my version of Emacs 24.3.1. The docs describe it here.

Abm answered 7/5, 2013 at 1:55 Comment(2)

Also be aware of the potential traps when using this syntax with the su: and sudo: methods: https://mcmap.net/q/174039/-open-file-via-ssh-and-sudo-with-emacs – Hiltner 24/8, 2014 at 1:23

Confirm works on Emacs 26.1 on macOS 11.1 – Jakob 21/1, 2021 at 19:46

If you have Emacs 23.1 or later, then the multi method is no longer supported. You can achieve the same result by configuring "proxies".

In your .emacs config file add the following:

(add-to-list 'tramp-default-proxies-alist
                 '("HOSTB" nil "/ssh:USERA@HOSTA:"))

Where HOSTB is the destination host behind HOSTA.

Then type /ssh:USERB@HOSTB: and emacs will prompt for the HOSTA password then the HOSTB password.

Jonna answered 20/5, 2009 at 15:19 Comment(4)

Any idea why multi has been removed? It was awesome :( – Statement 20/5, 2009 at 15:42

I believe that Tom's pointing out that the functionality is still there, just in a different form. It's sad that it's harder to do it ad-hoc, but it's not gone. – Lyricist 3/6, 2011 at 21:22

In emacs 24 you can use pipes, example: /ssh:bird@bastion|ssh:you@remotehost:/path (see docs: gnu.org/software/tramp/#Ad_002dhoc-multi_002dhops) – Abm 7/5, 2013 at 1:52

can it make one hop authentication with password and another with private key? – Quentinquercetin 2/8, 2019 at 18:44

You should use ssh to do the double hop. In your .ssh/config:

Host <host that must be proxied too>
ProxyCommand ssh -qxT <gateway host> nc %h %p

Verjuice answered 3/4, 2009 at 21:54 Comment(4)

I have never gotten that to work. I trid it just now and it prompts me for my password on the gateway and says: "ssh_exchange_identification: Connection closed by remote host" Then quits – Scintillation 3/4, 2009 at 21:58

Keep in mind that you'll need netcat installed on the hop machine. However, you should be able to compile it yourself and keep it in ~/bin/ You may have to put the full path in the proxycommand (... /home/yourname/bin/nc %h %p) – Ramunni 3/4, 2009 at 21:59

Oh, and keep in mind that this will work best if you have keys set up, or you'll end up typing your password a lot (i.e. twice per login). – Ramunni 3/4, 2009 at 22:33

Yeah, this works for my other applications, but isn't working with Emacs 29... – Foredeck 20/4, 2022 at 15:7

In earlier Emacs versions, Tramp had a multi method. On GNU Emacs 22 and below, you could use it like this:

/multi:ssh:user1@host1:ssh:user2@host2:/foo/bar/baz

to open /foo/bar/baz on host2. The same thing is possible on XEmacs, but with a somewhat different syntax. You can use different access methods, too.

Speechmaker answered 13/4, 2009 at 0:0 Comment(3)

multi doesn't work using this for me. Hasn't it been removed in recent versions of Emacs? – Statement 20/5, 2009 at 15:42

How recent? I am using Emacs 22.3 on Debian/unstable boxes and it works just fine. – Speechmaker 31/5, 2009 at 17:7

They took out the support. I tried it on GNU Emacs 23.2.1 (i686-pc-cygwin, GTK+ Version 2.18.6) and got: "tramp-dissect-file-name: `multi' method is no longer supported, see (info "(tramp)Multi-hops")." – Forequarter 30/6, 2010 at 17:1

Using @fuzzy-waffle 's idea,

a complete config would look like this:

Host servera
  Hostname servera.lan.local
  User servera-user
  ProxyCommand ssh gateway-server -W %h:%p

Add your ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub to ~/.ssh/known_keys on the servera.

In the end you can run C-x C-f /ssh:servera:~/abc.txt

Infinitive answered 12/4, 2022 at 12:11 Comment(4)

I already had this set up and works in terminal and in other applications, but Emacs still prompts me for passwords twice... – Foredeck 20/4, 2022 at 15:4

Do you have tramp specific config in Emacs? Or ssh specific ones? Try removing them? – Infinitive 20/4, 2022 at 17:42

No tramp specific or ssh specific configs; in any case, I get the same behavior after launching with the -q option. ssh'ing in using the terminal I have no problem; same thing when I use Sequel Ace. – Foredeck 20/4, 2022 at 19:22

I can't think of anything, are you using a special operating system that uses some kind of jails/sandbox? – Infinitive 21/4, 2022 at 4:29

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags