Edit: Solved...
I'm using emacs 26.2, tramp 2.5.0, on OSX High Sierra 10.13.6...
The server login requires:
- A normal password
- A passcode from a phone call
- The user has to specify a reason for the login
A successful login on a normal terminal looks like this:

    $ ssh username@target-username@hostname@psmpprod.corp.company-name.com
    Enter your Windows domain password:
    RADIUS challenge: authfactor.call.prompt Enter '0' to abort.
    You are required to specify a reason for this operation:
    bla bla bla bla bla

Connection string:
First, in formatting the ssh string for tramp, I found that I couldn't use the -l argument in the ssh call. Found that I would get:

    $ ssh -l username@target-username -e none hostname@psmpprod.corp.company-name.com
    Enter your Windows domain password:
    RADIUS challenge: authfactor.call.prompt Enter '0' to abort.
    Failed to obtain account. Error: [010E Retrieve target account [__ADBRIDGE_TARGET_USER_TOKEN__] with address [target-username] failed. Error: [076E Password object was not found (Diagnostic Info: 5). Please check that there is a password object that answers your query in the Vault and that both the PSM SSH Proxy and the Vault user have the appropriate permissions needed in order to use the password.]] (Diagnostic Info: 1)

But, when you format as one string as at the beginning of the post, it works. So the correct thing to do in init.el to define a method psmx which would work as /psmx:target-username@target-hostname was as follows:

    ;; %u and %h are filled in from /psmx:target-username@target-hostname,
    ;; %p is the port and %c the connection-sharing options.
    (add-to-list 'tramp-methods
                 '("psmx"
                   (tramp-login-program "ssh")
                   (tramp-login-args
                    (("-p" "%p")
                     ("%c")
                     ("-e" "none")
                     ("username@%u@%h@psmpprod.corp.company-name.com")))
                   (tramp-async-args
                    (("-q")))
                   (tramp-remote-shell "/bin/sh")
                   (tramp-remote-shell-login
                    ("-l"))
                   (tramp-remote-shell-args
                    ("-c"))))

Multi-hop error
Then, in tramp debug log I observed an error related to multi-hops.

    Host name ‘hostname’ does not match ‘\`\(127\.0\.0\.1\|::1\|[myhostname]\|localhost6?\)\'’

I crudely solved it by commenting out the following lines in tramp.el:

    (unless
        (member
         '("%h") (tramp-get-method-parameter item 'tramp-login-args))
      ...
      (tramp-user-error
       vec "Host name `%s' does not match `%s'" host previous-host))

Parsing strings
Then, so that tramp could read the authfactor prompt and reason for operation, I modified tramp-password-prompt-regexp to include authfactor.call.prompt and operation.
I found out that there were some weird characters in the prompt asking for reason for operation. Wouldn't work unless I put all these junk regex character sets in below:

    (setq
     tramp-password-prompt-regexp
     (concat
      "^[[:space:][:ascii:][:nonascii:][:cntrl:]]*.*"
      (regexp-opt
       '("passphrase" "Passphrase"
         "password" "Password"
         "authfactor.call.prompt"
         "operation") t)
      ".*[[:space:][:ascii:][:nonascii:][:cntrl:]]*"))

This worked, I was prompted for the second authentication step, and the reason for operation, and everything worked out.
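
An added example, not part of the original post: a narrower prompt pattern built from the three prompts in the session above, checked next to the post's pattern against constructed sample output. The `my-psm-*` names and the sample strings are assumptions made for illustration, as is the idea that the "weird characters" are terminal control characters; the end-of-string anchoring is assumed to mirror how Tramp applies the variable.

```elisp
;;; -*- lexical-binding: t -*-
;; Constructed example; every my-psm-* name is hypothetical.

;; The three prompts from the terminal session in the post.
(defconst my-psm-prompt-phrases
  '("Enter your Windows domain password"
    "authfactor.call.prompt"
    "specify a reason for this operation"))

;; Narrow pattern: a known phrase on the last line of output, the rest
;; of that line, then only whitespace or control characters.
(defconst my-psm-narrow-regexp
  (concat "^.*" (regexp-opt my-psm-prompt-phrases t)
          ".*[[:space:][:cntrl:]]*"))

;; The pattern from the post, copied unchanged for comparison.
(defconst my-psm-broad-regexp
  (concat "^[[:space:][:ascii:][:nonascii:][:cntrl:]]*.*"
          (regexp-opt '("passphrase" "Passphrase" "password" "Password"
                        "authfactor.call.prompt" "operation") t)
          ".*[[:space:][:ascii:][:nonascii:][:cntrl:]]*"))

(defun my-psm-prompt-p (regexp output)
  "Return t if REGEXP matches through the end of OUTPUT.
Assumption: Tramp tests prompt patterns against the end of the
connection buffer, which the end-of-string anchor reproduces."
  (let ((case-fold-search nil))
    (and (string-match-p (concat "\\(?:" regexp "\\)\\'") output) t)))

;; Constructed sample output: the three prompts (one wrapped in
;; control characters), then two outputs that are not prompts.
(defconst my-psm-samples
  '("Enter your Windows domain password: "
    "RADIUS challenge: authfactor.call.prompt Enter '0' to abort.\r\n"
    "\e[0mYou are required to specify a reason for this operation:\r\n"
    "mv: operation not permitted\n"
    "Enter your Windows domain password:\nLast login: Mon\n"))

;; Print one row per sample: narrow result, broad result, the sample.
(dolist (s my-psm-samples)
  (message "%-6s %-6s %S"
           (my-psm-prompt-p my-psm-narrow-regexp s)
           (my-psm-prompt-p my-psm-broad-regexp s)
           s))
```

Evaluate the buffer and compare the two columns in `*Messages*`; to use the narrow pattern, set `tramp-password-prompt-regexp` to `my-psm-narrow-regexp` in init.el.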