Linux 在 Ubuntu 10.10 中直接将私钥密码传递给 openvpn 命令
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11240184/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Pass private key password to openvpn command directly in Ubuntu 10.10
提问by bond
I tried the method with different parameter
我尝试了不同参数的方法
I have password.
Here below password is mypassword
我有密码。
下面的密码是mypassword
1)
1)
root$ echo mypassword || openvpn client.conf.ovpn
the result was display:
结果显示:
mypassword
2)
2)
root$ openvpn client.warriors.conf.ovpn || echo mypassword
the result was display:
结果显示:
Thu Jun 28 00:00:00 2012 us=757575 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
(still need to enter password manualy )
(仍需手动输入密码)
I don't want to have to enter the password manually. How can I achieve this?
我不想手动输入密码。我怎样才能做到这一点?
3) DUDE
3) 伙计
After running the script it exit out with following:
运行脚本后,它退出了以下内容:
Fri Jun 29 11:56:59 2012 us=707916 cf_max = 0
Fri Jun 29 11:56:59 2012 us=707925 cf_per = 0
Fri Jun 29 11:56:59 2012 us=707934 max_clients = 1024
Fri Jun 29 11:56:59 2012 us=707944 max_routes_per_client = 256
Fri Jun 29 11:56:59 2012 us=707953 auth_user_pass_verify_script = '[UNDEF]'
Fri Jun 29 11:56:59 2012 us=707963 auth_user_pass_verify_script_via_file = DISABLED
Fri Jun 29 11:56:59 2012 us=707973 ssl_flags = 0
Fri Jun 29 11:56:59 2012 us=707982 port_share_host = '[UNDEF]'
Fri Jun 29 11:56:59 2012 us=707992 port_share_port = 0
Fri Jun 29 11:56:59 2012 us=708001 client = ENABLED
Fri Jun 29 11:56:59 2012 us=708010 pull = ENABLED
Fri Jun 29 11:56:59 2012 us=708020 auth_user_pass_file = '[UNDEF]'
Fri Jun 29 11:56:59 2012 us=708032 OpenVPN 2.1.0 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 12 2010
Fri Jun 29 11:56:59 2012 us=708131 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
Fri Jun 29 11:56:59 2012 us=726649 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 29 11:56:59 2012 us=726805 WARNING: file 'client-team-20110222.key' is group or others accessible
Fri Jun 29 11:56:59 2012 us=727136 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Fri Jun 29 11:56:59 2012 us=875611 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jun 29 11:56:59 2012 us=876742 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Fri Jun 29 11:56:59 2012 us=876777 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Jun 29 11:56:59 2012 us=876788 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Jun 29 11:56:59 2012 us=876810 Local Options hash (VER=V4): 'd902a8f8'
Fri Jun 29 11:56:59 2012 us=876825 Expected Remote Options hash (VER=V4): '7e078940'
Fri Jun 29 11:56:59 2012 us=877124 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Jun 29 11:56:59 2012 us=877145 Attempting to establish TCP connection with [AF_INET]89.105.130.193:444 [nonblock]
Fri Jun 29 11:57:00 2012 us=877280 TCP connection established with [AF_INET]89.105.130.193:444
Fri Jun 29 11:57:00 2012 us=877337 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Jun 29 11:57:00 2012 us=877353 TCPv4_CLIENT link local: [undef]
Fri Jun 29 11:57:00 2012 us=877364 TCPv4_CLIENT link remote: [AF_INET]89.105.130.193:444
Fri Jun 29 11:57:00 2012 us=877568 TLS: Initial packet from [AF_INET]89.105.130.193:444, sid=c5d843bc e9f3e6ab
Fri Jun 29 11:57:04 2012 us=105788 VERIFY OK: depth=1, /C=IE/ST=NA/L=DUB/O=ABC.OpenVPN/OU=server-terminus/CN=terminus/[email protected]
Fri Jun 29 11:57:04 2012 us=106189 VERIFY OK: nsCertType=SERVER
Fri Jun 29 11:57:04 2012 us=106202 VERIFY OK: depth=0, /C=IE/ST=NA/O=abc.OpenVPN/OU=server-terminus/CN=terminus/[email protected]
root@bond$
exit in this way is it normal.
这样退出正常吗。
回答by Sturm
Try a shell script such as:
尝试使用 shell 脚本,例如:
#!/usr/bin/expect -f
spawn openvpn client.warriors.conf.open
match_max 100000
expect "*?assword:*"
send -- "mypassword"
send -- "\r"
expect eof
You'll need to chmod +x this, you can also set it as an environment variable so you don't have to type out the directory.
您需要 chmod +x this,您也可以将其设置为环境变量,这样您就不必键入目录。
Looks like they got this script to work: https://unix.stackexchange.com/questions/9055/establish-openvpn-tunnel-in-bash-script
看起来他们让这个脚本工作:https: //unix.stackexchange.com/questions/9055/establish-openvpn-tunnel-in-bash-script
回答by pevik
How about storing it into a file and using --askpass /your/file? --askpassoption was added in OpenVPN version 2.0-beta20, Maverick has version 2.1.0-3ubuntu1.
如何将其存储到文件中并使用--askpass /your/file?--askpass在 OpenVPN 版本2.0-beta20 中添加了选项,Maverick 有版本2.1.0-3ubuntu1。
回答by smillien62
In my openvpn.conf:
在我的openvpn.conf:
...
askpass /etc/openvpn/jdoe.pass <<< new line here
ca /etc/openvpn/jdoe_ca.crt
cert /etc/openvpn/jdoe.crt
key /etc/openvpn/jdoe.key
...
The file /etc/openvpn/jdoe.passjust contains the password.
You can chmodthis file to 600.
This method save my life... ;-)
该文件/etc/openvpn/jdoe.pass只包含密码。您可以chmod将此文件复制到600. 这种方法挽救了我的生命...... ;-)
Ubuntu 12.04.4 LTS
OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 13 2014
回答by Simon Kesteloot
I think you just swipe |and ||operator.
我想你只需滑动|和||操作符。
|plug standard output o the previous command to standard input of the next command.
|将标准输出 o 上一个命令插入到下一个命令的标准输入中。
||launch second command only if first command fail (exit code != 0).
||仅当第一个命令失败(退出代码!= 0)时才启动第二个命令。
this command should work.
这个命令应该可以工作。
root$ echo mypassword | openvpn client.conf.ovpn
