Hello, I've been having difficulty using Tramp to access files on a server protected by an OTP, causing a considerable hang until timeout. I've suspected a regex problem and attempted to edit relevant settings to no avail, and I'm concerned that my environment may be the problem. All details to follow:
My local machine is Windows 11, running Emacs 29.4, using Tramp 2.8.0.4. My remote server is a Linux box that's using Zsh with Google-Authenticator for the OTP with a default prompt. Only passwordless SSH connections with a key and OTP are allowed.

I've successfully used Tramp (with default configurations) to connect to my server *without* OTP enabled. As I am running on a Windows machine, I have to use the `scpx` or `sshx` methods to force pseudo TTY allocation with the `-t -t` flags, and I have further confirmed that `ssh -l <user> -p <port> -e none -t -t -o RemoteCommand="/bin/sh -i" <ip address>` works both within Emacs EShell and Emacs Shell, as well as from an external Windows Terminal instance.

Once OTP is enabled, Tramp, Emacs EShell, and Emacs Shell all hang where I'd expect the OTP prompt, but Windows Terminal continues to connect fine after inputting the OTP. Inspecting the SSHD logs, it acknowledges the incoming connection prior to authenticating with an OTP. Running `ssh -vvv ...` and inspecting the debug2 messages shows `input_userauth_info_req: num_prompts 1`, which is the very same message I receive before the OTP prompt, but Tramp, Emacs Eshell, and Emacs Shell all hang at this stage.

Inspecting the debug buffer (`tramp-verbose` is 6) has the same message looped, over 3 million lines of this:

```
22:28:22.682760 tramp-process-one-action (5) # Looking for regexp "\(.*\(?:login\|user\)\(?:[[:blank:]].*\)?:[[:blank:]]*\)\'" from remote shell
22:28:22.682814 tramp-process-one-action (5) # Looking for regexp "\(^.*\(\(?:adgangskode\|contrase\(?:\(?:ny\|ñ\)a\)\|decryption key\|encryption key\|geslo\|h\(?:\(?:asł\|esl\)o\)\|iphasiwedi\|jelszó\|l\(?:ozinka\|ösenord\)\|m\(?:ot de passe\|ật khẩu\)\|p\(?:a\(?:rola\|s\(?:ahitza\|s\(?: phrase\|code\|ord\|phrase\|wor[dt]\)\|vorto\)\)\|in\)\|s\(?:alasana\|enha\|laptažodis\)\|wachtwoord\|лозинка\|пароль\|ססמה\|كلمة السر\|गुप्तशब्द\|शब्दकूट\|গুপ্তশব্দ\|পাসওয়ার্ড\|ਪਾਸਵਰਡ\|પાસવર્ડ\|ପ୍ରବେଶ ସଙ୍କେତ\|கடவுச்சொல்\|సంకేతపదము\|ಗುಪ್ತಪದ\|അടയാളവാക്ക്\|රහස්පදය\|ពាក្យសម្ងាត់\|パスワード\|密[码碼]\|암호\)\).*[:៖:]\0?[[:blank:]]*\)\'" from remote shell
22:28:22.682904 tramp-process-one-action (5) # Looking for regexp "\(^.*\(Verification code\).*[:៖:][[:blank:]]*\)\'" from remote shell
22:28:22.682937 tramp-process-one-action (5) # Looking for regexp "\(^.*\(?:Permission denied\|Timeout, server not responding\.\|Sorry, try again\.\|Name or service not known\|Host key verification failed\.\|Authentication failed\|No supported authentication methods left to try!\|Login \(?:[Ii]ncorrect\)\|Connection \(?:\(?:clo\|refu\)sed\)\|Received signal [[:digit:]]+\).*\)\'" from remote shell
22:28:22.682967 tramp-process-one-action (5) # Looking for regexp "\(^[^#$%> ]*[#$%>] *\)\'" from remote shell
22:28:22.682992 tramp-process-one-action (5) # Looking for regexp "\(\(?:^\| \)[^] #-%>]*#?[]#-%>][[:blank:]]*\)\'" from remote shell
22:28:22.683016 tramp-process-one-action (5) # Looking for regexp "\(Are you sure you want to continue connecting (yes/no\(?:/\[fingerprint]\)?)\?[[:blank:]]*\)\'" from remote shell
22:28:22.683042 tramp-process-one-action (5) # Looking for regexp "\(\(?:Store key in cache\? (y/n.*)\|Update cached key\? (y/n, Return cancels connection)\)[[:blank:]]*\)\'" from remote shell
22:28:22.683070 tramp-process-one-action (5) # Looking for regexp "\(\(?:TERM = (.*)\|Terminal type\? \[.*]\)[[:blank:]]*\)\'" from remote shell
22:28:22.683098 tramp-process-one-action (5) # Looking for regexp "\(Access granted\. Press Return to begin session\. \)\'" from remote shell
22:28:22.683433 tramp-process-one-action (5) # Looking for regexp "\(^ *Confirm user presence for key .*[ ]*\)\'" from remote shell
22:28:22.683487 tramp-process-one-action (5) # Looking for regexp "\(^ *\(Enter PIN for .*\)[ ]*\)\'" from remote shell
22:28:22.683527 tramp-process-one-action (5) # Looking for regexp "\(\)\'" from remote shell
22:28:22.683566 tramp-process-one-action (5) # Call ‘tramp-action-process-alive’
```

I have attached the full log with anonymised details.

I anticipated that it was a regex issue, and I have made attempts to edit `tramp-password-prompt-regexp` and `tramp-otp-password-prompt-regexp` to no success. In particular, inspecting the value of the otp variable shows `^.*\(Verification code\).*[:៖:][[:blank:]]*` which should match the default verification prompt of `(<user>@<ip address>) Verification code:`, but no luck. Edits I have made were to add the verification prompt to the password prompt regex, as well as attempting to match the verification prompt character-for-character in both password and otp regexes. I've also attached a screenshot of a successful connection to my server with OTP via Windows Terminal as further evidence of what my prompts look like as well as what a successful connection looks like. I won't discount the possibility that I may have entered the regexes incorrectly, though I'm confident I've done my due diligence here.

Finally, I have finished reviewing the Tramp documentation on remote shell setup as well as inline/external methods, links below.
I can't say in confidence that I've necessarily understood or implemented everything that's written, but I wanted to highlight that I am aware of this resource, and I have spotted that, supposedly, `sshx` does not bypass authentication questions but that `scpx` may avoid login shell questions, which sounds like it could cause conflict with OTP prompts. I'll disclose that I've attempted using both `scpx` and `sshx` to the same result, though I prefer `scpx` for the faster transfer speeds of large files.

All in all, I'm stuck and unsure how to proceed further. What more can I do? Any help will be greatly appreciated.

Related threads:

https://www.mail-archive.com/[email protected]/msg06271.html
https://mail-archive.com/[email protected]/msg06172.html
https://www.mail-archive.com/[email protected]/msg05964.html

Relevant Documentation:

https://www.gnu.org/software/emacs/manual/html_node/tramp/Inline-methods.html
https://www.gnu.org/software/emacs/manual/html_node/tramp/External-methods.html
https://www.gnu.org/software/emacs/manual/html_node/tramp/Remote-shell-setup.html

keywords for search: 2FA, two-factor, two factor, OTP, one time password, one-time password, authentication, scpx, sshx, Windows, Windows 11, Emacs 29.4, Tramp 2.8.0.4, tramp-password-prompt-regexp, tramp-otp-password-prompt-regexp.

anonymised tramp log.txt <https://drive.google.com/file/d/1xVhTD3LFxsNZX9WfDoNJ-XZJ9wNhAlsy/view?usp=drive_web>
