teleport-browserless-login
This software lets you log in to Teleport and obtain the certificate without a browser (or X capabilities).
Usage
Install the module from ECMWF public software repository:
user@local $ pip3 install teleport-browserless-login --user -U -i https://get.ecmwf.int/repository/pypi-all/simple
To install the extra certificate checks, install with the extras option certificates-check (requires the cryptography Python package):
user@local $ pip3 install teleport-browserless-login[certificates-check] --user -U -i https://get.ecmwf.int/repository/pypi-all/simple
Note for Raspberry Pi users
If you get the error:
Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://www.piwheels.org/simple/teleport-browserless-login/
comment out the line extra-index-url=https://www.piwheels.org/simple in /etc/pip.conf.
Check the module help:
Note
A shell script is installed along with the package, so every python3 -m teleport.login command can be replaced with teleport-login.
user@local $ python3 -m teleport.login --help
Environment Variables:
  ECMWF_USERNAME  The ECMWF Username
  ECMWF_PASSWORD  The ECMWF Password
  TSH_EXEC        The Teleport binary tsh path
  TSH_PROXY       The ECMWF Teleport proxy

Configuration file content example (yaml):
  tsh_exec: '/usr/local/bin/tsh'
  tsh_proxy: 'shell.ecmwf.int:443'
  ecmwf_username: 'your_username'
  ecmwf_password: 'your_password'

Usage: python -m teleport.login [OPTIONS]

Options:
  --configuration PATH  The path to the configuration file.
  --help                Show this message and exit.
Using the module without arguments will prompt for the HID Token or TOTP (if configured instead) and load the default configuration file ~/.teleport-login.yaml:
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=shell.ecmwf.int:443]
INFO - TeleportLoginUrlHandler finished
INFO - UsernamePasswordHandler finished
INFO - HIDTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://shell.ecmwf.int:443
  Logged in as: FirstName.LastName@ecmwf.int
  Cluster: shell.ecmwf.int
  Roles:
  Logins: uid
  Kubernetes: disabled
  Valid until: 2021-06-07 07:28:55 +0100 BST [valid for 12h0m0s]
  Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
To provide a specific path for your configuration file, use --configuration; you will be prompted for the HID Token:
user@local $ python3 -m teleport.login --configuration /path/to/configuration.yaml
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/path/to/configuration.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
...
An example of such a configuration file is:
user@local $ cat .teleport-login.yaml
tsh_exec: '/usr/local/bin/tsh'
tsh_proxy: 'shell.ecmwf.int:443'
ecmwf_username: 'your_username'
ecmwf_password: 'your_password'
You can override all configuration values by using Environment Variables:
user@local $ export ECMWF_USERNAME='test'
user@local $ export ECMWF_PASSWORD='zzzz'
user@local $ export TSH_EXEC='tsh'
user@local $ export TSH_PROXY='shell-test.ecmwf.int:443'
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Environment variable [ECMWF_USERNAME] found. Overriding...
INFO - Environment variable [ECMWF_PASSWORD] found. Overriding...
INFO - Environment variable [TSH_EXEC] found. Overriding...
INFO - Environment variable [TSH_PROXY] found. Overriding...
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=shell-test.ecmwf.int:443]
...
If no configuration is provided the module will use default values:
- tsh_exec - if tsh is on the system PATH, this can be left out of the configuration file, as the default is tsh
- tsh_proxy - this can be left out of the configuration file, as the default is shell.ecmwf.int:443
- username - will be prompted
- password - will be prompted
- token - will be prompted
user@local $ python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Configuration file not found [~/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INFO - Username is empty...
INPUT - ECMWF username: uid
INFO - Password is empty...
INPUT - ECMWF password:
INPUT - OTP Token:
INFO - Starting [tsh login --browser=none --proxy=shell.ecmwf.int:443]
...
This module will always prompt the user if some credential is missing.
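The lookup order described above (environment variables over the configuration file, then a default or a prompt) can be audited before logging in, together with the exposure of a stored password. This is an added example, not code from teleport-browserless-login: the function names are hypothetical, and the parser assumes only the flat key: 'value' layout shown in this README.

```python
import os
import stat

# Key -> overriding environment variable, as listed in the module help above.
ENV_OVERRIDES = {
    "ecmwf_username": "ECMWF_USERNAME",
    "ecmwf_password": "ECMWF_PASSWORD",
    "tsh_exec": "TSH_EXEC",
    "tsh_proxy": "TSH_PROXY",
}
# Defaults stated in the README; the credentials have none and are prompted for.
DEFAULTS = {"tsh_exec": "tsh", "tsh_proxy": "shell.ecmwf.int:443"}


def read_flat_config(path):
    """Read the flat `key: 'value'` layout shown above (not a general YAML parser)."""
    values = {}
    with open(path, encoding="utf-8") as handle:
        for raw in handle:
            line = raw.strip()
            if not line or line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")  # split on the first colon only
            values[key.strip()] = value.strip().strip("'\"")
    return values


def audit_login_config(path, environ):
    """Return (sources, findings): where each value comes from, and exposure risks."""
    findings = []
    file_values = {}
    if os.path.isfile(path):
        file_values = read_flat_config(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if file_values.get("ecmwf_password"):
            findings.append("password stored in plaintext in the configuration file")
            if mode & 0o077:
                findings.append(f"mode {mode:o} grants group/other access to the file holding the password")
    sources = {}
    for key, env_name in ENV_OVERRIDES.items():
        if environ.get(env_name):
            sources[key] = "environment"
        elif file_values.get(key):
            sources[key] = "file"
        else:
            sources[key] = "default" if key in DEFAULTS else "prompt"
    if sources["ecmwf_password"] == "environment":
        findings.append("ECMWF_PASSWORD is set in the environment and is inherited by child processes")
    return sources, findings
```

Call it as audit_login_config(os.path.expanduser("~/.teleport-login.yaml"), os.environ); an empty findings list with the password source reported as "prompt" means the password is typed at login rather than stored.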
To enable DEBUG output, which can be useful for getting more information about a failure, set the environment variable DEBUG to True:
user@local $ DEBUG=True python3 -m teleport.login
INFO - Certificates not found or not valid anymore
INFO - Loading configuration file [/home/uid/.teleport-login.yaml]
INFO - Checking environment for configuration variables...
INPUT - OTP Token:
DEBUG - Loaded Configuration: {"token": "xxxxxx", "username": "uid", "password": "xxxxxxxx", "tsh_exec": "/usr/local/bin/tsh", "tsh_proxy": "shell.ecmwf.int:443"}
INFO - Starting [/usr/local/bin/tsh login --browser=none --proxy=shell.ecmwf.int:443]
DEBUG - Setting User-Agent: {'User-Agent': 'TeleportBrowserlessLogin/1.0.0 (Linux-5.4.72-microsoft-standard-WSL2-x86_64-with-glibc2.31) Python/3.9.5'}
DEBUG - Starting new HTTP connection (1): 127.0.0.1:42387
DEBUG - http://127.0.0.1:42387 "GET /fbbeee7d-dfc3-4b7b-a75a-830f48980d2e HTTP/1.1" 302 309
DEBUG - Starting new HTTPS connection (1): accounts.ecmwf.int:443
DEBUG - https://accounts.ecmwf.int:443 "GET /auth/realms/ecmwf/protocol/openid-connect/auth... HTTP/1.1" 200 5797
INFO - TeleportLoginUrlHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5654
INFO - UsernamePasswordHandler finished
DEBUG - https://accounts.ecmwf.int:443 "POST /auth/realms/ecmwf/login-actions/authenticate... HTTP/1.1" 200 5915
INFO - HIDTokenHandler finished
INFO - Login Successful
INFO - > Profile URL: https://shell.ecmwf.int:443
  Logged in as: FirstName.LastName@ecmwf.int
  Cluster: shell.ecmwf.int
  Roles:
  Logins: uid
  Kubernetes: disabled
  Valid until: 2021-06-07 07:28:55 +0100 BST [valid for 12h0m0s]
  Extensions: permit-X11-forwarding, permit-agent-forwarding, permit-port-forwarding, permit-pty
This module will not attempt to authenticate if the current certificates are still valid.
user@local $ DEBUG=True python3 -m teleport.login
INFO - Current certificate [/home/uid/.tsh/keys/shell.ecmwf.int/FirstName.LastName@ecmwf.int-x509.pem] is valid until [2021-06-08 20:49:58]