[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth-source source password lookup for ssh + sudo
From: |
Michael Albinus |
Subject: |
Re: auth-source source password lookup for ssh + sudo |
Date: |
Sat, 19 Feb 2022 10:38:49 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Kai Tetzlaff <tramp@tetzco.de> writes:
> Hi Michael,
Hi Kai,
> sorry - it took a while to get my emacs config working with TRAMP from
> git (savannah) in order to apply the patch [1].
No problem, I could continue to work in parallel on the patch :-)
> 1. /ssh:remoteuser@host.example.com|sudo::/etc/passwd
>
> This triggers:
>
> a) an auth-source lookup for
>
> hostname="host.example.com", user="remoteuser", port="ssh"
>
> b) in case a) fails, a password prompt:
>
> `Password for /ssh:remoteuser@host.example.com: `
>
> => This looks pretty good. The auth-source lookup has the proper
> information to find a matching password. And if auth-source finds
> a matching entry, b) (password prompt) gets skipped.
>
> Just a minor issue: the `port="ssh"` is a bit misleading. The
> previous `port="sudo"` seemed clearer.
Fixed. It should ask now 'Password for /sudo:remoteuser@host.example.com: '
> 2. /ssh:host.example.com|sudo::/etc/passwd
>
> Which uses a host entry in ~/.ssh/config:
>
> Host host.example.com
> User remoteuser
>
> This triggers:
>
> a) an auth-source lookup for
>
> hostname="host.example.com", user="", port="ssh"
>
> b) a prompt for the user name:
>
> `ssh user name for host.example.com (default kai): `
>
> (the default seems to be the local (emacs session) username. So I
> changed that to `remoteuser`)
>
> c) a password prompt:
>
> `Password for /ssh:host.example.com: `
>
> => This one still has some issues.
>
> The auth-source lookup happens before b) (the prompt for the user
> name) and it is not repeated after obtaining the correct user
> name in b). So the lookup will typically fail.
>
> The password prompt in c) doesn't show the user name entered in
> b).
>
> Is it possible to do b) (ask for the username) before a)
> (auth-source lookup)?
This is a general problem, not introduced recently. Tramp knows only
user names which have been told, it does not check ssh config files and
alike.
But according to my recent tests, auth-source lookup is started now w/o
user (because it is nil), so it should be better now. Step b) is
skipped. To be confirmed by you.
> An option to configure a connection specific sudo (default) user
> would be nice (or, even better, extract the user name from the ssh
> config).
Oh, that exists already. See tramp-default-user-alist.
The adapted patch is appended, and it works (in my environment) for
local and remote sudo, for remote doas, and for local sudoedit.
Waiting for comments :-)
> Thanks & Best Regards,
> Kai.
Best regards, Michael.
txtiTt8XIPacL.txt
Description: Text Data
- auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/17
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/18
- Re: auth-source source password lookup for ssh + sudo,
Michael Albinus <=
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/19
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/19
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/19
- Re: auth-source source password lookup for ssh + sudo, Michael Albinus, 2022/02/20
- Re: auth-source source password lookup for ssh + sudo, Kai Tetzlaff, 2022/02/20