Re: auth-source source password lookup for ssh + sudo

[Kai Tetzlaff]

Michael Albinus <michael.albinus@gmx.de> writes:

> Kai Tetzlaff <tramp@tetzco.de> writes:
>
> Hi Kai,
>
>>>> with auth-source enabled when SSHing to a server with sudo as 2nd hop
>>>> like `notroot@host.example.com|sudo:/etc/passwd` TRAMP apparently tries
>>>> to look up the sudo password using `user=root, host=host.example.com,
>>>> port=sudo` (at least that is what auth-source-pass tells me with
>>>> debugging enabled [1]). Now, why does the lookup use `user=root` instead of
>>>> `user=notroot`. Is there a way to change that?
>>>
>>> Could you please be more precise? 
>>> `notroot@host.example.com|sudo:/etc/passwd`
>>> does not look like a valid remote file name.
>>
>> Sorry, you're right. I meant:
>>
>>   /ssh:notroot@host.example.com|sudo::/etc/passwd
>
> The default password for the "sudo" method is "root", and that's what
> Tramp uses. If you want to have another user, apply
>
>   /ssh:notroot@host.example.com|sudo:user@:/etc/passwd
>
> Btw, in your example I don't understand why you want to access the
> remote host as user "notroot", and afterwards to change the user on that
> host to "notroot", again.

That's not what I want. The `sudo::` part *should* obtain `root`
privileges. However, the *password* which is required by sudo is the one
for the user of the first hop: `notroot`. So the password lookup should
be done for `notroot` instead of `root`.

Its not just the password lookup in auth-source, the password prompt
shown by TRAMP (if the password lookup faile) is misleading, too:

  Password for /sudo:root@host.example.com: 

This looks like a request for the password of the root user. However,
the password to be entered is that of `notroot` (the user of the first
hop).

>
> Best regards, Michael.

BR, Kai