Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/31113245/

Time: 2020-09-18 13:16:19  Source: igfitidea

how to store server key permanently? openconnect

bash terminal vpn

Asked by Amir Abdollahi

Is there a way to store the server key after a successful connection, the way ssh does?

No matter how many times I connect, I have to always type "yes" to accept the server key. I wish it would be accepted and stored forever.

###############################
amir@amirpc:~$ sudo openconnect uk.cisadd.com -u myusername
POST https://uk.cisadd.com/
Attempting to connect to server xxx.xxx.xxx.xxx:443
SSL negotiation with uk.cisadd.com
Server certificate verify failed: signer not found

Certificate from VPN server "uk.cisadd.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: 

Connected to HTTPS on XXX.XXX.XXX.XXX
###############################

Can I write a bash script to run openconnect and escape yes?

Accepted answer by Behroozam

The best way is, the first time you log in to the server, to save your --servercert in the clipboard, like this:

echo "password" | sudo openconnect -u username uk2.cisadd.com --servercert sha256:xxxxxxx

Answer by michelem

I bet you can do that with the option --no-cert-check or having a valid SSL cert:

sudo openconnect --no-cert-check uk.cisadd.com -u myusername

Answer by Nikos

You can use --no-cert-check if you don't care about having your traffic decrypted. Otherwise use --servercert=FINGERPRINT, where FINGERPRINT is the "Server key hash" as displayed in the certificate information.
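
The --servercert pinning described in the answers above, wrapped so that the fingerprint is stored on first use the way ssh stores host keys. This is an added example, not code from the original answers: the pin file path and the function names are assumptions, and it assumes an openconnect build that accepts the pin-sha256: form of --servercert.

```bash
#!/usr/bin/env bash
# Added example: an ssh-known_hosts-style pin store for openconnect.
# PIN_FILE and all function names are assumptions of this example.
PIN_FILE="${PIN_FILE:-$HOME/.config/openconnect/known_pins}"

# Print the stored pin for a host; return 1 if none is recorded.
lookup_pin() {
    [ -f "$PIN_FILE" ] || return 1
    awk -v h="$1" '$1 == h { print $2; found = 1; exit }
                   END { exit !found }' "$PIN_FILE"
}

# Record "host pin". Never overwrites: a changed server key has to be
# investigated and the old line removed by hand, as with ssh.
store_pin() {
    lookup_pin "$1" >/dev/null && return 1
    mkdir -p "$(dirname "$PIN_FILE")"
    printf '%s %s\n' "$1" "$2" >>"$PIN_FILE"
}

# Print the RFC 7469 pin (base64 SHA-256 of the public key) that the
# server presents right now. Fails instead of hashing empty input.
fetch_pin() {
    local pub
    pub=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
          openssl x509 -pubkey -noout 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# Connect with the stored pin; ask once, on first use only.
vpn_connect() {
    local host="$1" pin answer
    shift
    if ! pin=$(lookup_pin "$host"); then
        pin=$(fetch_pin "$host") || { echo "no certificate from $host" >&2; return 3; }
        echo "First connection to $host, server key pin-sha256:$pin" >&2
        printf 'Matches the value from your VPN administrator? [yes/no] ' >&2
        read -r answer
        [ "$answer" = yes ] || return 1
        store_pin "$host" "$pin" || return 1
    fi
    # openconnect enforces the pin itself and aborts if the key differs.
    sudo openconnect --servercert "pin-sha256:$pin" "$@" "$host"
}

# Usage: vpn_connect uk.cisadd.com -u myusername
```

Unlike --no-cert-check, a later connection to a server presenting a different key fails instead of being silently accepted.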

Answer by Daniel

I ran into the same problem on OpenWRT and my solution was to install the 'ca-certificates' package.

# opkg install ca-certificates

Once I did this, openconnect stopped flagging 'signer not found'.

The benefit of this solution is that you're using the intended certificates and limiting your chances of compromising your network.
