Automatically enter input in command line

Shell Programming and Scripting
1

Hi,

This is a script which to create an opvn user, I want which answer automatically to a certain part so, I try this, it works without the red part but I must type manually.. :

#!/bin/bash

## Environnement ##
LC_ALL=C

## Paths ##
rsa_dir="etc/openvpn/easy-rsa"
rsa_key_dir="etc/openvpn/easy-rsa/keys"
user_dir="etc/openvpn/users"
ccd_dir="etc/openvpn/ccd"

## Regex filter ##
regex_filter='[^a-zA-Z_0-9\s]'

## Position ##
cd /"$rsa_dir"/

## Loop ##
while
        read -p "Please can you enter the vpn's username : " username
        [[ -z "$username" ]] || [[ ${#username} -lt 2 ]] || [[ ${#username} -gt 15 ]] || [[ "$username" =~ $regex_filter ]]
do
        echo "Your entry must not contain special characters and its length must do between 2-15 characters."
done

## Commands ##
. ./vars
./build-key "$username" << EOF
(14 empty lines feed)
y
y
EOF

cp -p /"$rsa_key_dir"/"$username".* /"$user_dir"/
cd /"$user_dir"/; cp template.ovpn "$username".ovpn
sed -i 's/name/'$username'/g' "$username".ovpn
tar -czvf "$username".tar.gz "$username".* ta.key ca.crt
touch ../ccd/"$username"
cp -a "$username".tar.gz /tmp/
scp "$username".* usersend@1.1.1.1:/tmp/.

Ouput :

$./user_ovpn.sh
Please can you enter the vpn's username : iki
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 2048 bit RSA private key
........................................................................+++
....+++
writing new private key to 'iki.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:State or Province Name (full name) [FR]:Locality Name (eg, city) [hello]:
Organization Name (eg, company) [Hello]:Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [iki]:Name [HELLO_VPN]:Email Address [hello@machin.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'FR'
localityName          :PRINTABLE:'Hello'
organizationName      :PRINTABLE:'Hello'
commonName            :PRINTABLE:'Hello'
name                  :T61STRING:'Hello'
emailAddress          :IA5STRING:'Hello@machin.com'
Certificate is to be certified until Oct 13 06:01:44 2026 GMT (3650 days)
Sign the certificate? [y/n]:CERTIFICATE WILL NOT BE CERTIFIED: I/O error
iki.crt
iki.csr
iki.key
iki.ovpn
ta.key
ca.crt

Example of output with manually entries :

$./vpn_user.sh
Please can you enter the vpn's username : testuser2
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 2048 bit RSA private key
............................................+++
............+++
writing new private key to 'testuser2.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [FR]:
State or Province Name (full name) [FR]:
Locality Name (eg, city) [Hello]:
Organization Name (eg, company) [hello]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [testuser2]:
Name [HELLO_VPN]:
Email Address [hello@machin.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'FR'
localityName          :PRINTABLE:'Hello'
organizationName      :PRINTABLE:'Hello'
commonName            :PRINTABLE:'testuser2'
name                  :T61STRING:'HELLO_VPN'
emailAddress          :IA5STRING:'hello@machin.com'
Certificate is to be certified until Oct 13 05:45:45 2026 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
testuser2.crt
testuser2.csr
testuser2.key
testuser2.ovpn
ta.key
ca.crt

In red that represent the manually entries that I want which works automatically
Thanks in advance.. :b::slight_smile:

2

I counted 7 lines to be input with default values BEFORE the first 'y':

The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'FR'
localityName          :PRINTABLE:'Hello'
organizationName      :PRINTABLE:'Hello'
commonName            :PRINTABLE:'testuser2'
name                  :T61STRING:'HELLO_VPN'
emailAddress          :IA5STRING:'hello@machin.com'
Certificate is to be certified until Oct 13 05:45:45 2026 GMT (3650 days)
Sign the certificate? [y/n]:y

And you have (14 empty lines feed) in your here-doc?

3

That's the same I try :

./build-key "$username" << EOF
7 lines feed
y
2 lines feed
y
4

I'd suggest doing it manually counting how many time you need to hit Enter and where. Then change you here-doc accordingly...

5

I have tested many time with different solution but same.. there is no another way ?

6

It depends on whether ./build-key requires a controlling terminal, If so, you cannot use the here-doc.

Others may suggest other alternatives/ideas.

7

Yes ./build-key requires a controlling terminal :frowning:

---------- Post updated at 04:54 PM ---------- Previous update was at 04:19 PM ----------

have you got an idea?

8

Hi,
./build-key is a script shell that use openssl...
you can copy and modify this script to add option -subj to fill your fields.
in man req :

You can too modify config file to set param prompt at 'no':

Regards.

9

Thanks for your reply, but I want to avoid to edit the script, I look for another solution in my side and if someone has another way, with peasure :slight_smile:

10

You could make your system less secure by installing the expect brute force hacking tool, learn its new programming language, and use it to fool openssl into believing it's talking to a real terminal.

Or you can make a minor edit to ./build-key so you can feed in a noninteractive argument the way openssl is designed to handle them.

Your choice.

11

May be a trick if your script build_key use the variable KEY_CONFIG :
Before to launch the script build_key, just add 2 lines:

KEY_CONFIG="/etc/openvpn/easy-rsa/openssl-1.0.0.cnf -batch"
export KEY_CONFIG

This trick set -batch option to openssl commande that use this variable without to modify build_key script.

Regards.

---------- Post updated at 03:33 PM ---------- Previous update was at 12:21 AM ----------

another idea that depends on how the build-key script invokes the openssl command.
If it is invoked via the PATH, just in this case create a script called "openssl" that will invoke the real openssl with an additional parameter (-batch) for example.
In your script:

PATH=path_of_your_script_openssl:$PATH
build-key "$username"
PATH=${PATH#*:}

And script openssl might look like:

#!/bin/bash
PATH=${PATH#*:}
openssl $@ -batch
exit $?

Regards.