Automate a command which requires random keystrokes

150 views

Skip to first unread message

Bharath Kumar

unread,

Aug 29, 2018, 6:52:47 PM8/29/18

to Ansible Project

Hello All,

I have a command that has to be automated/written into playbook that requires 15-20 random keystrokes.

The scenario is; I am using certutil to generate a key.

The certutil command when run manually on the shell, asks for few keystrokes to fill in a empty space between two vertical bar with keystrokes on the cmd. Some thing like |*********|.

How do i automate this using Ansible.

Play

- name: Generating CSR
  command: certutil -R -k rsa -g 2048 -n cert -s "CN={{ ref_number }}, OU=MyOU, O=MyO, L=MyL, ST=MyST, C=MyC" -d {{ dir_path }} -f {{ pass_file }} -a -o {{ ansible_fqdn }}.csr

Error

 stderr: |2-

    A random seed must be generated that will be used in the
    creation of your key.  One of the easiest ways to create a
    random seed is to use the timing of keystrokes on a keyboard.

    To begin, type keys on the keyboard until this progress meter
    is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!


    Continue typing until the progress meter is full:

    |                                                            ||

    Finished.  Press enter to continue:
    certutil: unable to generate key(s)
    : PR_END_OF_FILE_ERROR: Encountered end of file
  stderr_lines:
  - ''
  - A random seed must be generated that will be used in the
  - creation of your key.  One of the easiest ways to create a
  - random seed is to use the timing of keystrokes on a keyboard.
  - ''
  - To begin, type keys on the keyboard until this progress meter
  - is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!
  - ''
  - ''
  - 'Continue typing until the progress meter is full:'
  - ''
  - ''
  - '|                                                            |'
  - '|'
  - ''
  - 'Finished.  Press enter to continue: '
  - 'certutil: unable to generate key(s)'
  - ': PR_END_OF_FILE_ERROR: Encountered end of file'

flowerysong

unread,

Aug 29, 2018, 7:36:13 PM8/29/18

to Ansible Project

Use the -z flag to supply certutil with a noise file. Unfortunately certutil will attempt to read as much data as possible from this file so you can't point it directly at /dev/urandom, but if you don't have anything suitably random to point it at you can easily create a noise file in a separate step:

- name: Create noise file
  command: dd if=/dev/urandom of=/var/cache/noise count=1

- name: Generate CSR
  command: certutil -R -k rsa -g 2048 -n cert -s "CN={{ ref_number }}, OU=MyOU, O=MyO, L=MyL, ST=MyST, C=MyC" -d {{ dir_path }} -f {{ pass_file }} -z /var/cache/noise -a -o {{ ansible_fqdn }}.csr

Reply all

Reply to author

Forward

0 new messages