Re: Password and passphrase recognition

2000-10-25 Thread Kai Großjohann

On Thu, 26 Oct 2000, Yuji Yamano wrote:
> 
> I agree. I think we need a framework for easy configuration. For
> example, here is an alist of regexp and function pair for login
> procedure:
> 
> (setq tramp-login-method-alist [...]

This is a very good suggestion.  I can see how to implement this, it
wouldn't be hard at all.  The only problem I can see with this is that
we might be running into an infloop if something goes wrong.  If the
regexes are all right, then all will be well, but what happens if the
`password incorrect' message from the remote end is something strange,
such as `go away, dude'?  And what happens if the remote shell prompt
isn't matched by shell-prompt-pattern?

As it is now, there is no loop and therefore I'm confident that there
will be no infloop, either.

If you can convince me that I don't need to be afraid of infloops,
I'll go forth and implement it (as time permits).

kai
-- 
I like BOTH kinds of music.




Re: Password and passphrase recognition

2000-10-25 Thread Stefan Monnier

> This is a very good point. So, you're saying that ssh should _not_ be
> prompting for both passphrase and password, correct? I need to confirm

Not really.  Just that SSH, not being able to know in advance whether your
private identity-key can be used to login, first tries to log in
with it and when that fails, it reverts to the password login mechanism.

> Also, what "judicious editing" of ~/.ssh/config do you mean? Sorry,
> perhaps I should just read the ssh docs in more detail.

You can tell SSH not to bother trying RSAAuthentication (i.e. authentication
with your .ssh/identity) for specific hosts (if you know that it would fail)
by putting something like:

Host 
RSAAuthentication no

`man ssh' will tell you more.


Stefan




Re: Password and passphrase recognition

2000-10-25 Thread Henrik Holm

[David E. Young]

>  So, you're saying that ssh should _not_ be prompting for both
>  passphrase and password, correct? I need to confirm this
>  behavior with our network admins before Kai starts doing
>  something to tramp that isn't necessary.

I would suppose that this has something to do with the setup of
your system.  (but beware; I use AFAIK ssh1, and I don't know
anything about ssh2.  Also, I have only very rudimentary
knowledge of ssh, so I might be saying Wrong Things here.  Please
correct me if that's the case!)

For instance, I have set up my accounts so that they ask for a
passphrase (in addition to the password) the first time I log in
on one of them (this is accomplished by a call to the program
ssh-add in my startup file).  If I log in on one of the others
from this, I don't need to type any pass(word|phrase)
information.  The effect of this is in fact that I never need to
type any pass-information when I use the Tramp facilities (always
with the ssh-related methods), because I have done the
authentication once and for all at the first login.  What I am
saying is that this might be set by default by your system
admins.

Thus, I think that you might be able to use the power of ssh in
the first place, and then avoid all kinds of password-typing when
using Tramp and ssh.

I guess that if I don't type the passphrase correctly the first
time, so the ssh-authentication fails, I will be prompted for a
password, and then the passphrase.  The same might happen if I
use any of Tramp's telnet-related methods. 

Henrik.




Re: Password and passphrase recognition

2000-10-25 Thread David E. Young

> "Yuji" == Yuji Yamano <[EMAIL PROTECTED]> writes:

Yuji> David, sorry for my poor English.  David Young
Yuji> <[EMAIL PROTECTED]> writes:

>> Greetings. After recent discussions with Kai, I have learned that
>> tramp's ssh support does not work with sites that prompt for both a
>> passphrase _and_ password (as ours does).

Yuji> I have had similar problems for a long time, but I don't have
Yuji> enough elisp programming skill and time to solve it :-< My
Yuji> problems are FWTK firewall and tset prompt at login time.

Ok, so here is perhaps another data point. If I understand correctly,
Yuji is also trying to access a site that prompts for both passphrase
and password.

BTW, a bit of background. As part of ssh configuration, my facility
gives us three files; 1) a public key; 2) a private key; and 3) an
"identification" file (don't know what this is). We're instructed to
place these files in our .ssh2 directory.

FWIW.

Regards,

-- 
David E. Young
Fujitsu Network Communications
([EMAIL PROTECTED])

"The fact that ... we still live well cannot ease the pain of
 feeling that we no longer live nobly."
  -- John Updike
"Programming should be fun,
 programs should be beautiful"
  -- P. Graham




Re: Password and passphrase recognition

2000-10-25 Thread David E. Young

> "Stefan" == Stefan Monnier <[EMAIL PROTECTED]> writes:

> "David" == David Young <[EMAIL PROTECTED]> writes:
>> tramp's ssh support does not work with sites that prompt for both a
>> passphrase _and_ password (as ours does). I would like to see tramp

Stefan> I'm not sure I understand this right.  Is that some very
Stefan> special super-paranoid version of SSH ?

Not that I know of; my understanding is our facility is using stock
ssh2.

Stefan> My understanding of SSH is that it either uses passphrase (to
Stefan> decrypt your private identity-key, in order to then prove your
Stefan> identity to the remote site) or a password.  I.e. you might be
Stefan> prompted for both, but if so, that just means that your
Stefan> private identity-key failed to give you access, so you can
Stefan> avoid the passphrase prompting altogether by judicious editing
Stefan> of ~/.ssh/config...

This is a very good point. So, you're saying that ssh should _not_ be
prompting for both passphrase and password, correct? I need to confirm
this behavior with our network admins before Kai starts doing
something to tramp that isn't necessary.

Also, what "judicious editing" of ~/.ssh/config do you mean? Sorry,
perhaps I should just read the ssh docs in more detail.

Regards,

-- 
David E. Young
Fujitsu Network Communications
([EMAIL PROTECTED])

"The fact that ... we still live well cannot ease the pain of
 feeling that we no longer live nobly."
  -- John Updike
"Programming should be fun,
 programs should be beautiful"
  -- P. Graham




Re: Password and passphrase recognition

2000-10-25 Thread Yuji Yamano

David, sorry for my poor English.

David Young <[EMAIL PROTECTED]> writes:

> Greetings. After recent discussions with Kai, I have learned that
> tramp's ssh support does not work with sites that prompt for both a
> passphrase _and_ password (as ours does). 

I have had similar problems for a long time, but I don't have enough
elisp programming skill and time to solve it :-<
My problems are FWTK firewall and tset prompt at login time.

> Perhaps, without looking deeply at the tramp code, this behavior would
> be best implemented as a user-configurable feature. 

I agree. I think we need a framework for easy configuration. For example,
here is an alist of regexp and function pair for login procedure:

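(setq tramp-login-method-alist
      ;; Backquote so that shell-prompt-pattern is evaluated to its regexp;
      ;; the terminal actions are plain symbols (no inner quote needed).
      `((".*ogin: *$" . tramp-send-login)
        ("^.*\\([pP]assword\\|passphrase.*\\):\^@? *$" . tramp-send-passwd)
        (".*ogin incorrect" . login-failed)
        ("^TERM = (.*)$" . tramp-send-term)
        (,shell-prompt-pattern . login-ok)))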

When tramp finds one of the expressions in output from a remote machine,
the paired function will be called. But if the function is equal to
'login-failed or 'login-ok, tramp will exit the loop.

Any comments?

-- 
Yuji Yamano
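
The regexp-to-action loop proposed above, combined with the infinite-loop concern raised in Kai's reply, as an added example that is not part of the original posts and is not Tramp code: the loop is bounded by a step budget, stops on output no regexp matches, and caps how often a secret is sent. All `demo-` names, the prompt regexp standing in for `shell-prompt-pattern`, and the sample transcripts are assumptions constructed for illustration.

```elisp
;;; Added example, not Tramp code.  All `demo-' names are hypothetical.
(require 'cl-lib)

(defvar demo-login-alist
  '(("ogin: *\\'" . demo-send-login)
    ("\\([pP]assword\\|passphrase.*\\): *\\'" . demo-send-passwd)
    ("ogin incorrect" . login-failed)
    ("[$#>] *\\'" . login-ok))   ; stand-in for `shell-prompt-pattern'
  "Alist of (REGEXP . ACTION); ACTION is a handler or a terminal symbol.")

(defvar demo-sent nil "Log of what the handlers would have sent.")
(defun demo-send-login () (push 'login demo-sent))
(defun demo-send-passwd () (push 'passwd demo-sent))

(defun demo-login-loop (chunks &optional max-steps max-secrets)
  "Run the dispatch loop over CHUNKS, a list of remote output strings.
Return `login-ok', `login-failed', `unrecognized', `too-many-prompts'
or `timeout'.  Every path ends within MAX-STEPS iterations."
  (let ((steps (or max-steps 10))
        (secrets (or max-secrets 2))
        (result nil))
    (while (and (null result) (> steps 0))
      (setq steps (1- steps))
      (let* ((out (pop chunks))
             (action (and out
                          (cdr (cl-find-if
                                (lambda (pair) (string-match-p (car pair) out))
                                demo-login-alist)))))
        (cond ((null out) (setq result 'timeout))          ; remote went silent
              ((null action) (setq result 'unrecognized))  ; e.g. "go away, dude"
              ((memq action '(login-ok login-failed)) (setq result action))
              ((and (eq action 'demo-send-passwd) (<= secrets 0))
               (setq result 'too-many-prompts))            ; stop re-sending secrets
              (t (when (eq action 'demo-send-passwd)
                   (setq secrets (1- secrets)))
                 (funcall action)))))
    (or result 'timeout)))   ; step budget exhausted

;; Constructed sample transcripts (not captured from a real host).
(defconst demo-samples
  '(("login: " "Password: " "host$ ")
    ("login: " "Password: " "go away, dude")
    ("Password: " "Password: " "Password: " "Password: ")))

(defun demo-run-samples ()
  "Return the outcome of `demo-login-loop' for each sample transcript."
  (mapcar #'demo-login-loop demo-samples))
```

Evaluating `(demo-run-samples)` shows a normal login, an unrecognized rejection message, and a host that keeps re-prompting each ending in a distinct terminal state instead of looping. A real implementation would take the `timeout` outcome from a bounded wait on the process rather than from an exhausted list.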