@@ -114,21 +114,37 @@ reads for the host and port prompts when you invoke
114114 ("host-b" "7888")))
115115```
116116
117- ## SSH
117+ ## Working with Remote Hosts
118118
119- In some circumstances, cider can try to use SSH to either:
119+ While most of the time you'd be connecting to a locally running nREPL
120+ server, that was started manually or via ` cider-jack-in-* ` , there's
121+ also the option to connect to remote nREPL hosts. For the sake of security
122+ CIDER has the ability to tunnel a connection over SSH in such cases.
123+ This behavior is controlled by
124+ ` nrepl-use-ssh-fallback-for-remote-hosts ` : when true, CIDER will attempt to
125+ connect via ssh to remote hosts when unable to connect directly. It's
126+ ` nil ` by default.
120127
121- * Tunnel a connection over SSH.
122- * Infer the remote nREPL port for a direct connection.
128+ There's also ` nrepl-force-ssh-for-remote-hosts ` which will force the use
129+ of ssh for remote connection unconditionally .
123130
124- This behavior is controlled by two options (both default ` nil ` ):
131+ !!! Warning
125132
126- * ` nrepl-use-ssh-fallback-for-remote-hosts ` : When true, attempt to connect via ssh
127- to remote hosts when unable to connect directly.
128- * ` cider-infer-remote-nrepl-ports ` : When true, cider will use ssh to try to infer
129- nREPL ports on remote hosts (for a direct connection).
133+ As nREPL connections are insecure by default you're encouraged to use only SSH
134+ tunneling when connecting to servers running outside of your network.
130135
131- Note that enabling either of these causes cider to use
132- [ tramp] ( https://www.gnu.org/software/tramp/ ) for some SSH operations, which parses
133- config files such as ` ~/.ssh/config ` and ` ~/.ssh/known_hosts ` . This is known to
134- cause problems with complex or nonstandard ssh configs.
136+ There's a another case in which CIDER may optionally leverage the ` ssh ` command - when
137+ trying to figure out potential target hosts and ports when you're doing ` cider-connect-* ` .
138+ If ` cider-infer-remote-nrepl-ports ` is true, CIDER will use ssh to try to infer
139+ nREPL ports on remote hosts (for a direct connection). That option is also set to ` nil `
140+ by default.
141+
142+ !!! Note
143+
144+ Enabling either of these causes CIDER to use
145+ [TRAMP](https://www.gnu.org/software/tramp/) for some SSH operations, which parses
146+ config files such as `~/.ssh/config` and `~/.ssh/known_hosts`. This is known to
147+ cause problems with complex or nonstandard ssh configs.
148+
149+ You can safely run ` cider-jack-in-* ` while working with remote files over TRAMP. CIDER
150+ will handle this use-case transparently for you.
0 commit comments