[opensuse] bash/expect - Help! I can't get around the prompt

Listmates,

I am stumped. I can't automate an openssl call from a script and it's driving me nuts. Most of the openssl commands will accept here doc or the -passin option for passing the password to openssl and eliminating the user prompt, but the genrsa call is kicking my .... No matter what I try, I can't automate:

openssl genrsa -des3 -out server.key 1024

I have tried:

TPHRASE=somekey
openssl genrsa -des3 -out server.key 1024 <<GENPSK
$TPHRASE
$TPHRASE
GENPSK

openssl genrsa -des3 -out server.key 1024
/usr/bin/expect - <<GENPSK
expect ".*server.key:"
send "$TPHRASE\n"
expect ".*server.key:"
send "$TPHRASE\n"
GENPSK

openssl genrsa -des3 -out server.key 1024
chat -v server.key: $TPHRASE\n server.key: $TPHRASE\n

None give any errors and none work. All of the other openssl calls work just fine:

openssl req -new -key server.key -out server.csr -passin stdin <<GENCSR
$TPHRASE
$COUNTRY
$STATE
$LOCAL
$ON
$OU
$CN
$EMAIL
GENCSR

openssl rsa -in server.key.protected -out server.key -passin stdin <<REMPW
$TPHRASE
REMPW

Can anyone think of another way to pass the password to 'openssl genrsa -des3 -out server.key 1024' that would get around this problem??

Thanks

--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

Hello,

On Fri, 06 Feb 2009, David C. Rankin wrote:
> No matter what I try, I can't automate:
>
> openssl genrsa -des3 -out server.key 1024
>
> I have tried:
>
> TPHRASE=somekey
> openssl genrsa -des3 -out server.key 1024 <<GENPSK
> $TPHRASE
> $TPHRASE
> GENPSK

TPHRASE=somekey
openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK'
$TPHRASE
GENPSK

The passphrase is for the output file, which I found in the "usage" of the genrsa call.

HTH,
-dnh

--
Subtlety is the art of saying what you think and getting out of the way before it is understood. -- BSD fortune file

David Haller wrote:
> Hello,
>
> On Fri, 06 Feb 2009, David C. Rankin wrote:
>> No matter what I try, I can't automate:
>>
>> openssl genrsa -des3 -out server.key 1024
>>
>> I have tried:
>>
>> TPHRASE=somekey
>> openssl genrsa -des3 -out server.key 1024 <<GENPSK
>> $TPHRASE
>> $TPHRASE
>> GENPSK
>
> TPHRASE=somekey
> openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK'
> $TPHRASE
> GENPSK
>
> The passphrase is for the output file, which I found in the "usage" of the genrsa call.
>
> HTH,
> -dnh

You're kidding me! I read that and I didn't want to output the passphrase (at least that is how I read it):

-passout arg    the output file password source

Reading a second time, I get it now. Thanks Dave!

--
David C. Rankin, J.D.,P.E.

David Haller wrote:
> TPHRASE=somekey
> openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK'
> $TPHRASE
> GENPSK

Dave,

You also single-quoted the start-tag, why?

--
David C. Rankin, J.D.,P.E.

Hello,

On Fri, 06 Feb 2009, David C. Rankin wrote:
> David Haller wrote:
>> TPHRASE=somekey
>> openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK'
>> $TPHRASE
>> GENPSK
>
> Dave,
>
> You also single-quoted the start-tag, why?

*Oops!* Sorry. That's actually wrong in this case, as you want $TPHRASE expanded. Generally though, you should quote the tag just like a variable to keep from expansion.

==== man bash / Here documents section ====
<<[-]word
        here-document
delimiter
[..]
If any characters in word are quoted, the delimiter is the result of quote removal on word, and the lines in the here-document are not expanded. If word is unquoted, all lines of the here-document are subjected to parameter expansion, command substitution, and arithmetic expansion.
====

Usually, you don't want expansions/substitutions in your here-documents, which is why I tend to quote the "word". And only consciously choose not to quote it, if I actually want expansion/substitution.

For clarification:

$ echo $TPHRASE
somekey
$ cat <<EOF
$TPHRASE
EOF
somekey
$ cat <<"EOF"
$TPHRASE
EOF
$TPHRASE
$ cat <<'EOF'
$TPHRASE
EOF
$TPHRASE
$

Without the quotes, you need to escape ``, $(), $, etc. if you don't want them expanded.

Using a quoted word is esp. useful if you want to pass on "shellscripts" via ssh -- unless you want e.g. some variables expanded. But that can be amended by using a combination of here-documents and echos "gathered together" by braces:

{
cat <<'PART_OF_SCRIPT'
unexpanded $stuff and remotely run $(command) and
an remotely expanded $variable.
PART_OF_SCRIPT
echo "$foo"
cat <<PART_OF_SCRIPT
expanded $stuff and run $(command generating stuff) and
with an escaped and thus unexpanded "\$variable". Correctly
quoting "'stuff'" inside is much easier than inside an echo
or somesuch.
PART_OF_SCRIPT
} | ssh localhost cat

The output by cat (via ssh) shows what the remote shell would be fed, if you replace the variables / commands in above sample by more meaningful things and 'cat' by 'bash' (or nothing if you want the remote default-shell of your remote user).

Comes in quite handy at times, that does ;)

-dnh

--
The two most common things in the universe are hydrogen and stupidity.

David Haller wrote:
> Hello,
>
> On Fri, 06 Feb 2009, David C. Rankin wrote:
>> No matter what I try, I can't automate:
>>
>> openssl genrsa -des3 -out server.key 1024
>>
>> I have tried:
>>
>> TPHRASE=somekey
>> openssl genrsa -des3 -out server.key 1024 <<GENPSK
>> $TPHRASE
>> $TPHRASE
>> GENPSK
>
> TPHRASE=somekey
> openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK'
> $TPHRASE
> GENPSK
>
> The passphrase is for the output file, which I found in the "usage" of the genrsa call.
>
> HTH,
> -dnh

Got it! But, I had to get rid of the single quotes around the here doc tags. From man bash on here docs:

<quote>
If any characters in word are quoted, the delimiter is the result of quote removal on word, and the lines in the here-document are not expanded.
</quote>

So what was happening is that the passphrase for the genrsa was being set to '$TPHRASE' instead of 'somekey'. This caused problems with the line:

openssl req -new -key server.key -out server.csr <<GENCSR
$TPHRASE
<snip>

But I was able to get around that with:

openssl req -new -key server.key -out server.csr -passin pass:$TPHRASE <<GENCSR
$COUNTRY
$STATE
<snip>

Now it all works! Thanks David. The finished script that automates the apache2 ssl setup on openSuSE is at:

http://www.3111skyline.com/download/linux/scripts/apache-ssl-setup

--
David C. Rankin, J.D.,P.E.

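The following shell script is an added example, not code from the thread or from the linked apache-ssl-setup script. It reproduces the effect diagnosed above (a quoted here-doc tag makes the literal string $TPHRASE the key's passphrase) and checks the result with the passphrase supplied on stdin or on fd 3 rather than on the command line. The function names are hypothetical, and -aes256 with a 2048-bit key stands in for the thread's -des3 and 1024.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Substitution: -aes256 and 2048 bits instead of the thread's -des3 and 1024.

# gen_key OUTFILE quoted|unquoted: the passphrase is line 1 of the here-doc.
gen_key() {
    if [ "$2" = quoted ]; then
        # Quoted tag: body is passed verbatim, so openssl receives '$TPHRASE'.
        openssl genrsa -aes256 -passout stdin -out "$1" 2048 2>/dev/null <<'GENPSK'
$TPHRASE
GENPSK
    else
        # Unquoted tag: the shell expands $TPHRASE before openssl reads it.
        openssl genrsa -aes256 -passout stdin -out "$1" 2048 2>/dev/null <<GENPSK
$TPHRASE
GENPSK
    fi
}

# key_opens_with KEYFILE PASSPHRASE: exit 0 if PASSPHRASE decrypts the key.
# printf is a builtin in bash and dash, so the passphrase is not in any argv.
key_opens_with() {
    printf '%s\n' "$2" | openssl rsa -in "$1" -passin stdin -noout 2>/dev/null
}

# Same check with the passphrase on fd 3: stdin stays free for other input
# (such as the DN answers fed to 'openssl req'), and nothing lands in argv
# the way it does with -passin pass:...
key_opens_with_fd() {
    openssl rsa -in "$1" -passin fd:3 -noout 2>/dev/null 3<<FDPASS
$2
FDPASS
}

# report KEYFILE: print which of the two candidate passphrases protects it.
report() {
    if key_opens_with "$1" 'somekey'; then echo "expanded"
    elif key_opens_with_fd "$1" '$TPHRASE'; then echo "literal"
    else echo "unknown"; fi
}

# Demo with a constructed passphrase in a throwaway directory.
if command -v openssl >/dev/null 2>&1; then
    TPHRASE=somekey; d=$(mktemp -d)
    gen_key "$d/q.key" quoted;   echo "quoted tag   -> $(report "$d/q.key")"
    gen_key "$d/u.key" unquoted; echo "unquoted tag -> $(report "$d/u.key")"
    rm -rf "$d"
fi
```

A key that reports "literal" was encrypted with the eight characters $TPHRASE, which is why later commands that passed the real passphrase failed to open it.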
participants (2): David C. Rankin, David Haller