Tramp: Handle PIN requests from security keys (don't merge)

* doc/misc/tramp.texi (Frequently Asked Questions): Clarify FIDO entry.

* lisp/net/tramp-sh.el (tramp-actions-before-shell)
(tramp-actions-copy-out-of-band):
Use `tramp-security-key-pin-regexp'.

* lisp/net/tramp.el (tramp-security-key-pin-regexp): New defcustom.
(tramp-action-otp-password, tramp-read-passwd): Trim password prompt.
(tramp-action-show-and-confirm-message): Expand for PIN requests.

1 files changed, 8 insertions, 3 deletions

diff --git a/doc/misc/tramp.texi b/doc/misc/tramp.texi
index 3be88d1767a..d6031d96d6b 100644
--- a/doc/misc/tramp.texi
+++ b/doc/misc/tramp.texi
@@ -5070,9 +5070,14 @@ Does @value{tramp} support @acronym{SSH} security keys?
 Yes.  @command{OpenSSH} has added support for @acronym{FIDO} hardware
 devices via special key types @option{*-sk}.  @value{tramp} supports
 the additional handshaking messages for them.  This requires at least
-@command{OpenSSH} 8.2, and a @acronym{FIDO} @acronym{U2F} compatible
-security key, like yubikey, solokey, nitrokey, or titankey.
-
+@command{OpenSSH} 8.2, and a @acronym{FIDO} @acronym{U2F} or
+@acronym{FIDO2} compatible security key, like yubikey, solokey,
+nitrokey, or titankey.
+@c @uref{https://docs.fedoraproject.org/en-US/quick-docs/using-yubikeys/}
+
+@strong{Note} that there are reports on problems of handling yubikey
+residential keys by @command{ssh-agent}.  As workaround, you might
+disable @command{ssh-agent} for such keys.
 
 @item
 @value{tramp} does not connect to Samba or MS Windows hosts running