CODEWITHSUNDEEP
emacstramp
Manolete
Manolete

Reputation: 3517

Could Emacs be used to login via 2FA token?

I wanted to login to a system which uses 2FA token authentication. Unfortunately Emacs does not seem to prompt for the 2FA token and just hangs there until it reaches a timeout call. The ssh mechanism is very simple; public IP, username and key. Once it connects the prompt is also quite standard "Enter your 2FA token:"

Is there anything I need to do/configure in Emacs to be able to obtain the 2FA prompt and introduce the token?

Upvotes: 1

Views: 162

Answers (2)

Cheeso
Cheeso

Reputation: 192467

If you are talking about authenticating with a security key, like a FIDO2 key, when opening a remote file via Tramp, .... It works for me. I use Emacs 28.2 running on Windows 10.

Steps, roughly:

  1. open a ssh session to the remote host using an existing authorized key. You can do this in emacs with a tramp url. I used /sshx:remotehost:/home .

  2. upgrade Windows to OpenSSH v9.2.2.0 or some version that supports security keys. The builtin OpenSSH, available in c:\windows\system32\openssh, is version 8.1p1, which is not sufficient, it does not support security keys. When you "upgrade" really you're installing a new version of OpenSSH. It will appear in c:\progra~1\OpenSSH. You'll need to take care to use the proper version of OpenSSH from now on.

  3. In a powershell terminal, create a keypair via

    c:\progra~1\OpenSSH\ssh-keygen -t ecdsa-sk -f ~/.ssh/sk-1

  4. Modify the ~/.ssh/authorized_keys on the remote host, to accept only the public key you just generated. You can do this via the previously opened tramp session.

  5. Modify the tramp-methods in emacs to use the new ssh.exe, like this:

    (setf
 (car (alist-get "sshx" tramp-methods nil nil #'equal))
 '(tramp-login-program "C:/Progra~1/OpenSSH/ssh.exe"))

  6. close out tramp sessions. Re-open the same tramp filespec. See the challenge for the Security Key. Touch the key. See it work. Rejoice.

Upvotes: 1

Michael Albinus
Michael Albinus

Reputation: 1656

You seem to use Tramp. Since Tramp 2.5 (integrated in Emacs 28), it supports the user option tramp-security-key-confirm-regexp. Please configure it accordingly.

In case it still doesn't work, set tramp-verbose to 6, and contact the mailing list [email protected].

Upvotes: 3

Related Questions