David

Reputation: 59

Automate the cert creation for OpenVPN

I do not know why I am getting an error when I run my script with SSH, but when I run the bash script from my CA server everything works fine.

I installed my VPN server based on this article https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04

I wrote a bash script for the VPN creation, but when I run it I need to SSH to the other server at some point. If I start the script with SSH in it, I get an error message:

> ./easyrsa: 341: set: Illegal option -o echo

My bash script contains this and runs from my VPN server:

```sh
sshpass -p $PASSWORD ssh username@"CA server IP" "/home/username/makevpn.sh $NAME $PASSWORD"
```

And makevpn.sh contains this:

> ./easyrsa sign-req client $NAME

After this runs it seems okay, but it gives the error above.

I tried to read up on this error and found nothing. :( I hope someone can help, because I am hopeless after 4 days of troubleshooting.

Code of VPN script

```sh
#!/bin/sh
clear
read -p "Please enter the name of the new certificate : "  NAME
read -p "Please enter the Password : "  PASSWORD

cd /home/username/EasyRSA-3.0.7/
./easyrsa gen-req $NAME nopass
echo "gen-req done"
cp /home/username/EasyRSA-3.0.7/pki/private/$NAME.key /home/username/client-configs/keys/
echo "cp done"
sshpass -p $PASSWORD scp /home/username/EasyRSA-3.0.7/pki/reqs/$NAME.req [email protected]:/tmp
echo "scp done"

sshpass -p $PASSWORD ssh [email protected] "/home/username/makevpn.sh $NAME $PASSWORD"
echo "ssh done"

cp /tmp/$NAME.crt /home/username/client-configs/keys/
echo "last CP done"
sudo /home/username/client-configs/make_config.sh $NAME
echo "All Done"
```

Code on CA server

```sh
#!/bin/sh

NAME=$1
PASSWORD=$2

cd /home/username/EasyRSA-3.0.7/
echo "CD Done"
./easyrsa import-req /tmp/$NAME.req $NAME
echo "Import-req done"
./easyrsa sign-req client $NAME
echo "Sign-req done"
sshpass -p $PASSWORD scp /home/username/EasyRSA-3.0.7/pki/issued/$NAME.crt [email protected]:/tmp
echo "Scp done"
```

Upvotes: 2

Views: 1173

Answers (1)

Jason

Reputation: 2671

I was just browsing the code of that easyrsa script here. This one is likely different from yours, given the line for the error is 341. On the GitHub page, it is line 352 and it is part of a function called cleanup. It appears that this function is only attached as a trap (line 2744). Traps are used to catch signals like SIGINT (interrupt), which is normally sent on the terminal with ctrl+c (and may display a character like ^C). The reason the error only displays in your script is that it likely causes a signal to be emitted that you would not normally receive if you ran it manually over ssh.

The error itself is really not an issue.

Code from GitHub:

Line 352:

```sh
(stty echo 2>/dev/null) || { (set -o echo 2>/dev/null) && set -o echo; }
```

Line 2744:

```sh
trap "cleanup" EXIT
```

It appears that line is just trying to turn terminal output of your typed characters back on (via stty echo). Sometimes programs will disable terminal output somewhere, and then re-enable it when the program finishes. However, if you were to kill the program midway through (e.g. with ctrl+c), your program would terminate with the terminal output still disabled. This would make the terminal appear to be frozen. It would still work, but would not display the characters you type with your keyboard. The point of the trap is to ensure that terminal output is re-enabled no matter how the program exits.

More info...

At line 567 there is a function that disables echo. Looks like the point is to not show a password to the screen. If you were to kill the program during password reading, echo would remain disabled on the terminal. Likely the reason for the error has more to do with the way you are running the script. For whatever reason it causes stty echo to fail. Line 352 is assuming that the failure is due to stty echo not being a valid command. So on failure ( || ), it tries a different method (set -o echo) of enabling echo. If I try to run that on my terminal, I also get an error (bash 4.2):

```
-bash: set: echo: invalid option name
```

Upvotes: 5
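
An added example (not part of the answer above and not EasyRSA's code) that reproduces the failure chain the answer describes: `stty echo` fails when stdin is not a terminal, which is the default for a command passed to `ssh`, and the `set -o echo` fallback is then rejected by the shell. The function names are hypothetical, and `restore_echo` is one possible TTY-aware variant of the cleanup.

```sh
#!/bin/sh
# Added example (not EasyRSA code). Function names are hypothetical.

# Exit status of `stty echo` when stdin is not a terminal, the situation
# for a command started as: ssh user@host "some command"
stty_echo_without_tty() {
    stty echo </dev/null 2>/dev/null
}

# Exit status of the fallback `set -o echo`. Run in a subshell because a
# non-interactive POSIX shell may exit when the special builtin `set`
# is given an option it does not know.
set_o_echo_fallback() {
    (set -o echo) 2>/dev/null
}

# TTY-aware restore: 0 = echo restored, 1 = stty failed, 2 = no terminal.
restore_echo() {
    [ -t 0 ] || return 2
    stty echo 2>/dev/null || return 1
}

# Register the cleanup on EXIT, as the quoted script does, but stay quiet
# when there is no terminal to restore.
trap 'restore_echo || :' EXIT

stty_echo_without_tty;   printf 'stty echo, no tty:    exit %s\n' "$?"
set_o_echo_fallback;     printf 'set -o echo fallback: exit %s\n' "$?"
restore_echo </dev/null; printf 'restore_echo, no tty: exit %s\n' "$?"
```

Both probes report a non-zero status under dash and bash, while `restore_echo` returns 2 without printing anything when no terminal is attached.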
