
automating shell script to login vpn passing sudo -S

I have to re-login to my VPN every time I leave my desk, and it is tedious. I am trying to pass the shell the info but it doesn't get it in the right order. The order is "try to openconnect, enter sudo pw if needed, then username, then password". pexpect would be good, since it can tell if you need your sudo password or not, but isn't working:

#!/usr/bin/env python
# coding: utf-8

import os, sys, subprocess, time, re, pexpect

from my_scripting_library import *

child = pexpect.spawn('sudo openconnect vpn.com')

# send sudo pw
child.expect('.*')
child.sendline(sudopw)

# send sn
child.expect('.*')
child.sendline('cchilders')

# send work pw
child.expect('.*')
child.sendline(vpnpw)
time.sleep(150)

Here is what it looks like when I perform these steps manually:

cchilders:~/scripts/work_scripts [master]$ sudo openconnect vpn.com
[sudo] password for cchilders: 
POST https://vpn.com
Attempting to connect to server 555.555.55.55:555


Please enter your username and password.
Username:
Password:

When I try to feed my sudo password by shell like I have before, the VPN times out and says

SSL negotiation with vpn.com

Server certificate verify failed: certificate does not match hostname

I use

alias vpn='echo $MYPW | sudo -S openconnect vpn.com'

How can I send my sudo password, then my username, then my VPN password all in a row from a shell/python script? Thank you

Both openconnect and sudo can take a password on standard input. So how to do both? Create a script:

#!/bin/sh
password=$(cat /my/very/secure/vpn/password.txt)
echo "$password" | /usr/sbin/openconnect --user codyc4321 --passwd-on-stdin vpn.com

Now, call the script with sudo:

pw=$(cat /my/very/secure/sudo/password.txt)
echo "$pw" | sudo -S vpn.sh

It goes without saying that passwords stored in text files are dangerous and need to be protected with proper ownership and permissions. Removing the password requirement from sudo as mentioned in the comments would mitigate half the risk; being able to connect to the VPN with a certificate would get rid of the rest.

Edit to add that you are misusing pexpect by telling it to expect .* for all situations. How will it tell if the prompt is from sudo or openconnect? I have zero Python experience, but have used expect before. There are some good examples of how it works in Python.

One last edit to mention that your certificate error is nothing to do with this, and is occurring because you don't have your VPN server's certificate stored in your trusted certificates. Save the server certificate to your local disk and reference it with the --cafile argument to openconnect.
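The prompt-matching point above, as an added example that is not part of the original question or answer: each prompt is matched by its own pattern, so the sudo prompt is answered only when it actually appears. It uses the standard-library `pty` module in place of pexpect so it has no dependency; `drive` and `PROMPTS` are hypothetical names, and the patterns assume the prompt text shown in the question's manual session.

```python
import os, pty, re, select

# Prompt patterns taken from the manual session shown in the question.
PROMPTS = [
    ("sudo", re.compile(rb"\[sudo\] password for [^:]+: ?")),
    ("username", re.compile(rb"Username:")),
    ("vpn", re.compile(rb"Password:")),
]

def drive(argv, answers, timeout=10.0):
    """Run argv on a pty and answer each recognised prompt once.

    answers maps "sudo" / "username" / "vpn" to the text to send.
    Returns (names of prompts answered in order, output after the last one).
    """
    pid, fd = pty.fork()
    if pid == 0:                          # child: replace with the command
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)
    buf, seen = b"", []
    while select.select([fd], [], [], timeout)[0]:
        try:
            chunk = os.read(fd, 1024)
        except OSError:                   # EIO on Linux once the child exits
            break
        if not chunk:
            break
        buf += chunk
        # Each prompt is answered once only: a repeated prompt (rejected
        # secret) is left alone and the select timeout ends the run.
        for name, pat in PROMPTS:
            m = pat.search(buf)
            if m and name not in seen:
                os.write(fd, answers[name].encode() + b"\n")
                seen.append(name)
                buf = buf[m.end():]       # never re-match an old prompt
                break
    os.close(fd)
    os.waitpid(pid, 0)
    return seen, buf.decode(errors="replace")
```

Closing the pty at the end hangs up the child, so a long-lived VPN session needs the descriptor kept open for as long as the tunnel should stay up.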
