How do I get console input to work with SSL in bash script?

Question

For the server technology I'm working with, it's possible to join a server to a collective manually by running some command line arguments. At one point the console prompts you if you want to accept a certificate chain, to which you input (y/n) and the command keeps running. I'm trying to automate the process but I've hit a snag with responding to the input prompt and after digging around have heard that it could be an SSL thing so I didn't know if there was a different way of doing it.

If you do it manually, this is how it looks:

Joining the collective with target controller ...this may take a while
SSL trust has not been established with the target server
//certificate chain
Do you want to accept the above certificate chain? (y/n)

However, both:

echo "y y" | bash ./script.sh

//inside script.sh
echo "y y" | $(command)

End up with this response:

Joining the collective with target controller ...this may take a while
SSL trust has not been established with the target server
//certificate chain

Input console is not available 

Aborting join collective.

Error:
Unable to complete the MBean operation
Error: java.securit.cert.CertificateException: User has rejected the request to trust the
certificate chain

I was hoping somebody may be able to shed some light on a way to do it outside of just responding manually

score 3 · Accepted Answer · edited May 23 '17 at 12:18

3

The error Input console is not available suggests that the target program is expecting to talk to a real terminal, not a pipe (which is what you get if you try to echo into the program).

In this case, you will have automate the program using something like expect, which simulates a real terminal (using a pseudo-tty), and can usually "fool" programs like this into believing they are communicating with an actual terminal. expect will let you input arbitrary commands into the program.

See Bash/Expect Script for SSH for an example on how to use Expect (here for automating ssh).

edited May 23 '17 at 12:18

Community

1
1

answered Sep 10 '14 at 18:44

nneonneo

171,345
36
312
383

I see, I'm assuming there's no native way to do this then? My restrictions are rather stringent and I have to write a script that will run on a machine "out of the box", thanks for the explanation though – Sep 10 '14 at 18:51
Unfortunately, no. There's no nice, relatively portable to use ptys using plain bash that I know of. – nneonneo Sep 10 '14 at 18:53
Or maybe the remote command do NOT expect a real terminal, but your SSH do not allocate tty. You can force a pseudo-tty allocation with the option "-t" – mcoolive Sep 10 '14 at 23:15

score 1 · Answer 2 · answered Sep 10 '14 at 18:48

Here is a basic expect example that should work, per @nneonneo:

#!/usr/bin/expect

set timeout 600
spawn -noecho /path/to/script.sh
expect {
  (y/n) {
    send -- "y\n"
    exp_continue
  }
  timeout {
    exit 1
  }
  eof {
    catch wait result
    exit [lindex $result 3]
  }
}

score 0 · Answer 3 · answered May 20 '17 at 02:56

I am presuming you're using WebSphere Liberty as your server technology because the output is what I got with the installation. Anyway the key argument you need to put in is --autoAcceptCertificates

For example:

collective join defaultServer --host=controller \
  --port=9443 \
  --keystorePassword=memberPassword \
  --user=adminUser \
  --password=adminPassword \
  --autoAcceptCertificates

How do I get console input to work with SSL in bash script?

3 Answers3