The client environment has several restrictions:
1) SSH interactive login is disabled for the "deployment" ID. That causes the OOTB feature (set credential) and action (SSH actions) to not work.
2) Sudo is not allowed.
3) Key exchange is not allowed, thus the user must enter the password (the password auto-resets every hour) before each deployment starts.
4) The agent cannot be run as the "deployment ID" for security purposes. It has to be "su" from an allowed credential.
Without RA, the user needs to:
1) Log in to their "2F-authentication" ID (similar to CA PMFKEY). This is an allowed credential to "su" into the deployment ID.
2) After logging in, perform "su - <deployment ID>"
3) Key in the password (retrieved from a password vault, i.e. CyberArk)
The "SU" command doesn't support a password as an input parameter; it's now a challenge to even start performing the deployment. Tried "echo <password> | su - deployID" but in vain.
Help needed.