How to store a server key forever? openconnect

Is there a way to save the server key after a successful connection, as ssh does?

No matter how many times I connect, I must always type “yes” to accept the server key. I would like it to be accepted and stored forever.

 ###############################
 amir@amirpc:~$ sudo openconnect uk.cisadd.com -u myusername
 POST https://uk.cisadd.com/
 Attempting to connect to server xxx.xxx.xxx.xxx:443
 SSL negotiation with uk.cisadd.com
 Server certificate verify failed: signer not found
 Certificate from VPN server "uk.cisadd.com" failed verification.
 Reason: signer not found
 Enter 'yes' to accept, 'no' to abort; anything else to view:
 Connected to HTTPS on XXX.XXX.XXX.XXX
 ###############################

Can I write a bash script to run openconnect and enter yes?

+5
source
4 answers

The best way is, the first time you go to the server, to save your --servercert to the clipboard, like this:

 echo "password" | sudo openconnect -u username uk2.cisadd.com --servercert sha256:xxxxxxx 
+2
source

I bet you can do this with the --no-cert-check option or have a valid SSL certificate:

 sudo openconnect --no-cert-check uk.cisadd.com -u myusername 
+4
source

You can use --no-cert-check if you do not need to decrypt your traffic. Otherwise, use --servercert=FINGERPRINT, where FINGERPRINT is the server hash key, as shown in the certificate information.

+3
source
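
A known_hosts-style way to keep the `--servercert` fingerprint between runs, as an added example that is not part of any answer on this page. `PIN_FILE`, `pin_lookup`, `pin_store` and `vpn_connect` are hypothetical names, and the fingerprint is assumed to have been checked out of band before it is stored.

```shell
#!/bin/sh
# Added example: known_hosts-style pin store for `openconnect --servercert`.
# PIN_FILE, pin_lookup, pin_store and vpn_connect are hypothetical names.
PIN_FILE="${PIN_FILE:-$HOME/.config/openconnect/known_servers}"

# Print the pin stored for host $1; return 1 if none is recorded.
pin_lookup() {
    [ -f "$PIN_FILE" ] || return 1
    awk -v h="$1" '$1 == h { print $2; found = 1; exit }
                   END { exit !found }' "$PIN_FILE"
}

# Record pin $2 for host $1 the first time the host is seen.
# Returns 3 for a malformed pin and 2 if a different pin is already
# stored, the way ssh refuses a changed host key instead of replacing it.
pin_store() {
    host=$1 pin=$2
    case $pin in
        sha256:?*|pin-sha256:?*) ;;
        *) echo "refusing malformed pin: $pin" >&2; return 3 ;;
    esac
    if old=$(pin_lookup "$host"); then
        [ "$old" = "$pin" ] && return 0
        echo "PIN MISMATCH for $host: stored $old, offered $pin" >&2
        return 2
    fi
    mkdir -p "$(dirname "$PIN_FILE")"
    ( umask 077; printf '%s %s\n' "$host" "$pin" >> "$PIN_FILE" )
}

# Connect to host $1 as user $2 using only a stored pin. There is no
# fallback to answering "yes": an unknown host is an error.
vpn_connect() {
    host=$1 user=$2
    pin=$(pin_lookup "$host") || { echo "no pin stored for $host" >&2; return 1; }
    sudo openconnect --servercert "$pin" -u "$user" "$host"
}

# Usage, once per server after verifying the fingerprint:
#   pin_store uk.cisadd.com sha256:<fingerprint shown by openconnect>
# and on every later connection:
#   vpn_connect uk.cisadd.com myusername
```

A `PIN MISMATCH` means the server key changed or something is intercepting the connection; the stored line has to be removed by hand before a new pin is accepted.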

I ran into the same problem in OpenWRT and my solution was to install a CA certificate package.

 # opkg install ca-certificates 

As soon as I did this, openconnect stopped flagging "signer not found".

The advantage of this solution is that you use the intended certificates and limit your chances of compromising your network.

+1
source
