Automating a mount operation that requires user input

Question

I want to mount a directory on a file server at startup. This is my /etc/fstab entry:

# mount the fileserver
https://fsrv.company/ /mnt/fileserver davfs user,auto 0 0

Manually mounting it with mount /mnt/fileserver works fine. However, because of an outdated certificate this issues a prompt which I always have to answer with yes:

/sbin/mount.davfs: the server certificate does not match the server name
/sbin/mount.davfs: the server certificate is not trusted
[...]
Accept certificate for this session? [y,N] y

This device should be mounted when starting Ubuntu (due to the auto option). However, the device is not mounted, probably because of the required input. The owner of the fileserver wont update its certificate.

How can I automate this process, such that the device is mounted at startup with the answer being always y\n?

EDIT: I did download and place the certificate in .davfs2/certs/ and edited the entry in .davfs2/davfs2.conf (as hinted below by @Oli), but the interactive input remains.

Answer 1

In my case I used the code highlighted by Oli above and then used the trust_server_cert option in the dav2fs config.

Usefull when the server's certificate can't be verified or is even invalid, but you know that you can trust this certificate.

So edit /etc/davfs2/davfs2.conf and add a line that looks like the following:

trust_server_cert        /etc/davfs2/certs/my.selfsigned.cert.pem

This allowed me to mount a self-signed OwnCloud webdav even when the certificate host didn't match.

Answer 2

Wouldn't it just be easier to fix the trust issue and install the certificate?

1. Download the certificate (thanks to elec3647 on SuperUser)

   openssl s_client -connect HOSTNAME:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > certificate.pem
   

2. Copy the certificate to /etc/davfs2/certs/

   sudo cp certificate.pem /etc/davfs2/certs/
   

That should deal with the problem directly.

Answer 3

For those who found this page on google and are needing another answer. Works for RHEL. This is not the best way to handle this problem.

#!/bin/bash
/usr/bin/expect -c "
spawn /bin/mount -t davfs https://fsrv.company/ /mnt/fileserver
expect "You only should accept this certificate" { send "y\n" }
expect eof
"

The above answers 'y' to the certificate question. I've tried expect several different ways, this is the only way I could get expect to answer yes for me.

Answer 4

The proper way of solving this would be changing the CN (identity) of the server certificate to set it to your domain (in this case fsrv.company).

However you can get around this by doing it the ghetto way, add a command to the boot (on Ubuntu that would be Startup Applications for example) with the following:

echo y | mount /mnt/fileserver

This will basically 'auto-accept' the error in the certificate for you.

Answer 5

I encountered the same problem but I found a different solution. I simply installed the ca-certificates package, because my certificate was signed by an official CA : Terena.

/sbin/mount.davfs: the server certificate is not trusted
  issuer:      TERENA, Amsterdam, Noord-Holland, NL
  subject:     Domain Control Validated
  identity:    owncloud-mshe.univ-fcomte.fr
  fingerprint: 0e:5f:b4:02:c2:a7:d7:7f:8b:ef:9c:06:25:0c:c0:1f:d4:38:83:1d

The solution is :

apt install ca-certificates