I have to re-login to my VPN every time I leave my desk, and it is tedious. I am trying to pass the shell the info but it doesn't get it in the right order. The order is "try to openconnect, enter sudo pw if needed, then username, then password". pexpect would be good, since it can tell if you need your sudo password or not, but isn't working:
#!/usr/bin/env python
# coding: utf-8
import os, sys, subprocess, time, re, pexpect
from my_scripting_library import *
child = pexpect.spawn('sudo openconnect vpn.com')
# send sudo pw
child.expect('.*')
child.sendline(sudopw)
# send sn
child.expect('.*')
child.sendline('cchilders')
# send work pw
child.expect('.*')
child.sendline(vpnpw)
time.sleep(150)
Here is what it looks like when I perform these steps manually:
cchilders:~/scripts/work_scripts [master]$ sudo openconnect vpn.com
[sudo] password for cchilders:
POST https://vpn.com
Attempting to connect to server 555.555.55.55:555
Please enter your username and password.
Username:
Password:
When I try to feed my sudo password by shell like I have before, the VPN times out and says
SSL negotiation with vpn.com
Server certificate verify failed: certificate does not match hostname
I use
alias vpn='echo $MYPW | sudo -S openconnect vpn.com'
How can I send my sudo password, then my username, then my VPN password all in a row from a shell/python script? Thank you
Both openconnect and sudo can take password on standard input. So how to do both? Create a script:
#!/bin/sh
password=$(cat /my/very/secure/vpn/password.txt)
# openconnect needs the server name as its last argument (vpn.com, as in the question)
echo "$password" | /usr/sbin/openconnect --user codyc4321 --passwd-on-stdin vpn.com
Now, call the script with sudo:
pw=$(cat /my/very/secure/sudo/password.txt)
echo "$pw" | sudo -S vpn.sh
It goes without saying that passwords stored in text files are dangerous and need to be protected with proper ownership and permissions. Removing the password requirement from sudo as mentioned in the comments would mitigate half the risk, being able to connect to the VPN with a certificate would get rid of the rest.
Edit to add that you are misusing pexpect by telling it to expect .* for all situations. How will it tell if the prompt is from sudo or openconnect? I have zero Python experience, but have used expect before. There are some good examples of how it works in Python.
One last edit to mention that your certificate error is nothing to do with this, and is occurring because you don't have your VPN server's certificate stored in your trusted certificates. Save the server certificate to your local disk and reference it with the --cafile argument to openconnect.
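The point about matching specific prompts instead of .*, as an added example that is not part of the original question or answer: each prompt string from the manual session in the question gets its own pattern, so the script can tell sudo's prompt from openconnect's and carries on when sudo does not ask. The names answer_prompts, connect and the secrets dictionary are assumptions made for this example, and pexpect must be installed for connect to run.

```python
#!/usr/bin/env python3
"""Answer sudo and openconnect prompts by matching each one explicitly."""
import getpass

# (pattern, name) pairs; prompt texts come from the manual session above.
# "Password:" is case-sensitive, so it cannot match sudo's "[sudo] password for".
PROMPTS = [
    (r"\[sudo\] password for [^:]+:", "sudo"),
    (r"Username:", "username"),
    (r"Password:", "vpn"),
]


def answer_prompts(child, secrets, timeout=30):
    """Reply to whichever known prompt appears; return the names answered.

    The sudo prompt is optional (cached credentials), so no order is forced.
    A repeated prompt means the reply was rejected: stop instead of retrying.
    pexpect raises TIMEOUT or EOF from expect() if no known prompt shows up.
    """
    patterns = [pattern for pattern, _ in PROMPTS]
    answered = []
    while True:
        index = child.expect(patterns, timeout=timeout)
        name = PROMPTS[index][1]
        if name in answered:
            raise RuntimeError(name + " prompt repeated; reply was rejected")
        child.sendline(secrets[name])
        answered.append(name)
        if name == "vpn":  # last prompt in the session shown above
            return answered


def connect(server, user):
    import pexpect  # third-party; imported lazily so answer_prompts is testable alone
    secrets = {
        "sudo": getpass.getpass("sudo password: "),
        "username": user,
        "vpn": getpass.getpass("VPN password: "),
    }
    # child.logfile is left unset: it would record the passwords that are sent.
    child = pexpect.spawn("sudo", ["openconnect", server], encoding="utf-8")
    answer_prompts(child, secrets)
    child.interact()  # hand the terminal to openconnect so the tunnel stays up


if __name__ == "__main__":
    connect("vpn.com", "cchilders")  # host and user name as in the question
```

Prompting with getpass keeps both passwords out of files, shell history and the process list; stopping on a repeated prompt avoids resubmitting a rejected password.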