How to run openconnect with username and password in a line in the terminal?
Solution 1
If you type man openconnect in a terminal you will get a manual page describing usage.
Relevant sections:
-u,--user=NAME
Set login username to NAME
--passwd-on-stdin
Read password from standard input
Additionally, you may need to disable certificate warnings:
--no-cert-check
Do not require server SSL certificate to be valid. Checks will still happen and failures will cause a warning message, but the connection will continue anyway. You should not need to use this option - if your servers have SSL certificates which are not signed by a trusted Certificate Authority, you can still add them (or your private CA) to a local file and use that file with the --cafile option.
Or you could add the certificate to a file.
All this can be combined:
echo "password" | sudo openconnect server --user=username --passwd-on-stdin --no-cert-check
Solution 2
To skip the certificate check: the --no-cert-check parameter was removed in new versions. You can use --servercert instead.
--servercert sha256:sdflkdsjflsdjkfds
Solution 3
I was able to automate both sudo password, VPN user, VPN password and secondary challenge using the following command (tested on mac):
challange=<code> && sudo -S <<< "<sudo_password>" echo I am super user && { printf '<vpn_password>\n'; sleep 1; printf "$challange\n"; } | sudo openconnect <server_name> --user <vpn_username> --passwd-on-stdin
Solution 4
This works for me:
echo mypassword | openconnect --protocol=anyconnect --user=myusername --passwd-on-stdin
Solution 5
As I read the solutions, finally this is the script that is working for me:
echo "PASSWORD" | sudo openconnect --protocol=anyconnect SERVER --user=USERNAME --passwd-on-stdin --servercert SERVERCERT
When you run the above command without SERVERCERT (because you don't have it), it gives you an error that contains the SERVERCERT, something like:
Server SSL certificate didn't match: pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA=
And that's it: the string starting with pin-sha256:... (the whole of it, including pin-sha256 itself) is your SERVERCERT.
So the final result in this case, for example, is:
echo "PASSWORD" | sudo openconnect --protocol=anyconnect SERVER --user=USERNAME --passwd-on-stdin --servercert pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA=
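The pin shown in the error message comes from whichever server answered the connection, so it is worth comparing it with a pin computed from a certificate obtained from the VPN administrator before passing it to --servercert. The POSIX shell script below is an added example, not code from the answers above: it does that comparison and reads the password from the terminal without echo instead of writing it into the command line; the function names, cert.pem and the optional file holding the saved openconnect error output are assumptions.

```shell
#!/bin/sh
# Added example; SERVER, USERNAME and cert.pem are placeholders you supply.

# Read openconnect output on stdin, print the first pin-sha256 value in it.
extract_pin() {
    sed -n 's|.*\(pin-sha256:[A-Za-z0-9+/]\{43\}=\).*|\1|p' | head -n 1
}

# Compute the pin from a PEM certificate obtained out of band:
# base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
pin_from_cert() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    printf 'pin-sha256:'
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# True only when both pins are non-empty and identical.
pins_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# vpn_connect SERVER USERNAME CERT_PEM [FILE_WITH_SAVED_OPENCONNECT_ERROR]
vpn_connect() {
    pin=$(pin_from_cert "$3") || { echo "cannot read certificate $3" >&2; return 1; }
    if [ -n "${4:-}" ]; then
        seen=$(extract_pin < "$4")
        pins_match "$seen" "$pin" || { echo "pin mismatch: $seen" >&2; return 1; }
    fi
    printf 'VPN password: ' >&2
    trap 'stty echo; exit 130' INT TERM   # restore echo if interrupted
    stty -echo; IFS= read -r vpn_pw; stty echo
    trap - INT TERM
    printf '\n' >&2
    # The password travels on stdin only, as in the answers above.
    printf '%s\n' "$vpn_pw" |
        sudo openconnect "$1" --user="$2" --passwd-on-stdin --servercert "$pin"
}

# Runs only when called with arguments: ./vpn.sh SERVER USERNAME cert.pem
if [ "$#" -ge 3 ]; then vpn_connect "$@"; fi
```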
Benyamin Jafari
Updated on September 18, 2022
Comments
-
Benyamin Jafari over 1 year
I use openconnect in the Ubuntu 16.04 terminal. When I want to run it, I need to enter three phases:
- "yes/no"
- "username"
- "password"
How can I bypass the above phases using openconnect in a line (e.g. using openconnect options)?
Are there any options for that such as the following line?
sudo openconnect <server-name> --user=<'username'> --pass=<'password'>
I used openconnect --help and found a way to fill in the username, but I have no idea how to fill in the password and SSL verification.
-
movAX13h over 5 years
The answer above is still correct except for --no-cert-check, which has been removed due to security risks. This is the error message now when using it: The --no-cert-check option was insecure and has been removed. Fix your server's certificate or use --servercert to trust it. (can't comment above because not enough points; mods feel free to clear this up)
-
Benyamin Jafari over 3 years
What's the <code>?
-
dux2 over 3 years
<code> is some code/number you get from a 2-Factor Authentication (2FA) service. In my case it's a smartphone application with some rotating number.
-
Sniper over 3 years
This worked perfectly fine with my MFA. One change that I made was to create a sh file and pass the MFA code as an arg to it. Change in script: challange="$1" ScriptName: vpn.sh terminal: ./vpn.sh <code>
-
Mark over 3 years
Seems like if they prompt for 2FA it goofs up the response code if you do --passwd-on-stdin
-
Benyamin Jafari over 3 years
Actually, I don't have any server certification, in this new version how can I bypass it?
-
Wlad over 3 years
Yep, this works if the server does not require a certificate. You can also omit --protocol=anyconnect since it's the default value anyway.
-
SdSaati almost 3 years
@BenyaminJafari when you run that command, openconnect gives you an error message that contains
Server SSL certificate didn't match: pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA=
The pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA= is your servercert.
-
Benyamin Jafari almost 3 years
@SdSaati Yes, that's right.
-
R J over 2 years
I can't thank you enough for this. For me, nothing worked, including recording and modifying a script through autoexpect. I even tried putting together a pexpect python script; nothing worked. This was the only thing out of many that worked. I automated the MFA challenge with a script, and now this is fully automated. Thank you.