用于自动 OpenVPN 登录的 Bash 脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26342569/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Bash Script for automated OpenVPN logon
提问by rachelproelec
I am very new to bash scripting, so I apologize in advance for being vague. I have a varied number of OpenVPN configuration profiles I need to connect too on a daily basis, and would like to make this a little easier by introducing automation.
我对 bash 脚本很陌生,所以我提前道歉,因为我含糊不清。我有各种各样的 OpenVPN 配置文件,我每天也需要连接,并希望通过引入自动化使这更容易一些。
So I am able to get to the authorization part of the process and that's where I get stuck:
所以我能够进入流程的授权部分,这就是我卡住的地方:
Your IP is xx.xx.xx.xx
Mon Oct 13 09:57:14 2014 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 19 2013
Enter Auth Username:
I would like to know how I can use bash to automatically log on using my username and password. So the script would populate and confirm the 2 authorization fields.
我想知道如何使用 bash 使用我的用户名和密码自动登录。因此脚本将填充并确认 2 个授权字段。
Enter Auth Username: username
输入验证用户名:用户名
Enter Auth Password: password
输入验证密码:密码
Then once populated and confirmed, I will be connected to the VPN.
然后一旦填充并确认,我将连接到 VPN。
I appreciate any help, and please let me know if more information is required.
感谢您的帮助,如果需要更多信息,请告诉我。
My current script I am working with is this:
我目前正在使用的脚本是这样的:
#!/bin/sh
expect_path="$(which expect)"
"$expect_path" "can't read "(which expect)": no such variable
while executing
"expect_path="$(which expect)""
(file "./vpn.sh" line 2)
./vpn.sh: 7: ./vpn.sh: spawn: not found
expect: invalid option -- 'r'
usage: expect [-div] [-c cmds] [[-f] cmdfile] [args]
./vpn.sh: 9: ./vpn.sh: send: not found
./vpn.sh: 10: ./vpn.sh: Syntax error: "}" unexpected
" "$@"
#!/bin/usr/expect -f
spawn sudo openvpn /root/Desktop/my.conf #Path to Openvpn config file (.ovpn)
expect -r "\[sudo\] .*\: " {
send "my_ownpassword\n"
}
expect "Enter Auth Username:" {
send "my_user\n"
}
expect "Enter Auth Password:" {
send "my_vpnpassword\n"
}
interact
Current error I am getting:
我得到的当前错误:
#!/bin/bash
# the above shebang is necessary; much of this will not work with /bin/sh
# also, /dev/tcp support is optional functionality at compile time; be sure your bash
# supports it, or you might need to rewrite using netcat.
# Assuming you start OpenVPN with at least the options:
# --management 127.0.0.1 3030
# --management-query-passwords
# connect to OpenVPN management socket on FD 3
exec 3<>/dev/tcp/127.0.0.1/3030
pk_password=secret1 # private key password
username=squirrel # username
password=secret2 # auth password paired with username
# read anything it sends
while read -r -u 3; do
# if it asks for a password, then give it one
if [[ $REPLY = ">PASSWORD: Need 'Private Key' password" ]]; then
echo 'password "Private Key" '"$pk_password" >&3
elif [[ $REPLY = ">PASSWORD: Need 'Auth' username/password" ]]; then
echo 'username "Auth" '"$username" >&3
echo 'password "Auth" '"$password" >&3
else
echo "Ignoring message: $REPLY" >&2
fi
done
回答by Charles Duffy
See https://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.htmlfor documentation on the TCP protocol intended for use in programmatically controlling an OpenVPN instance.
有关用于以编程方式控制 OpenVPN 实例的 TCP 协议的文档,请参阅https://openvpn.net/index.php/open-source/documentation/miscellaneous/79-management-interface.html。
Use from bash might look something like the following:
从 bash 使用可能类似于以下内容:
#!/bin/bash
exec 3<>/dev/tcp/127.0.0.1/3030
username=xxxxxxxxx # username
password=yyyyyyyyy # auth password paired with username
# read anything it sends
while read -r -u 3; do
if [[ $(echo $REPLY | grep ">PASSWORD:Need 'Auth' username/password") ]]; then
echo "username \"Auth\" $username" >&3
echo "password \"Auth\" $password" >&3
else
echo "Ignoring message: $REPLY" >&2
fi
done
All that said -- storing usernames and passwords in plaintext is a horrible, horrible idea. If you actually want your VPN to be secure, and you don't have a user available to enter a password that's something they know (vs something they have stored on the computer), you should be using strong private key auth -- ideally, with that key stored on a hardware token that doesn't allow it to be read out, not a (weak, trivially stolen) password.
所有这一切 - 以明文形式存储用户名和密码是一个可怕的想法。如果您确实希望您的 VPN 是安全的,并且您没有一个用户可以输入他们知道的密码(与他们存储在计算机上的密码相比),则您应该使用强私钥身份验证——理想情况下,将该密钥存储在不允许读取的硬件令牌上,而不是(弱的,微不足道的)密码。
Of course, given as this question presupposes that you're willing to do silly, insecure things, you can also make this easier on yourself:
当然,鉴于这个问题的前提是你愿意做愚蠢的、不安全的事情,你也可以让自己更轻松:
Recompile OpenVPN with the ENABLE_PASSWORD_SAVEflag set (configure --enable-password-saveon UNIX), and then --auth-user-passin your config file will accept a filename as an optional argument giving the location on disk where username and password are stored.
使用ENABLE_PASSWORD_SAVE设置的标志重新编译 OpenVPN (configure --enable-password-save在 UNIX 上),然后--auth-user-pass在您的配置文件中将接受一个文件名作为可选参数,提供存储用户名和密码的磁盘位置。
That's actually more secure than the management-interface approach, since it means you aren't giving out your password to any other user who sets up a service on port 3030 pretending to be OpenVPN's management interface.
这实际上比管理接口方法更安全,因为这意味着您不会将密码提供给在端口 3030 上设置服务的任何其他用户,这些用户伪装成 OpenVPN 的管理接口。
回答by linux4fun
Could not get your code to work due, I edited it a little and it works fine now...
无法使您的代码正常工作,我对其进行了一些编辑,现在可以正常工作了...
##代码##