ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AWS user account management scripts updates

Browse Source 
- start option for create users (-g)
- delete user script
- update documentation
- user lock user script in check user flow output
- create user has check for valid username/group name
This commit is contained in:
Clemens Schwaighofer
2023-08-07 07:29:24 +09:00
parent eb194c2f1c
commit 571ddcc717
10 changed files with 323 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
Readme.md
View File

@@ -11,22 +11,27 @@ The folder holding the script must be owned by *root* and have *600* permissions
```sh
cd /root/
git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
git clone http://gitlab-ap.factory.tools/scripts-collections/aws-user-create.git users
chown root. users
chgrp 600 users
```
Alternate download: `git clone http://gitlab-ap.factory.tools/scripts-collections/aws-user-create.git users`
Alternate download:
`git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users`
## Folders
Inside the base folder there are
* ssh-keygen for temporary holding the PEM/PUB files
* zip file which holds the created user list, password and PEM/PUB files
- ssh-keygen for temporary holding the PEM/PUB files
- zip file which holds the created user list, password and PEM/PUB files
## Options
### -g (go)
If not set, the script will not run.
### -t (test)
Run in test mode. This will *NOT* create any groups or users. Nor will it create any ssh key files.
@@ -42,14 +47,15 @@ In the `/root/users/` folder there needs to be a file called '*user_list.txt*'
This is a CSV type file with the following layout
ID | Username | Group | Optional Password | Override host name | Override ssh key type
-|-|-|-|-|-
ID | Username | Group and Sub Group | SSH Access Type | Optional Password | Override host name | Override ssh key type
-|-|-|-|-|-|-
The ID, Username and Group column must be filled.
For sub groups add them with a *,* The first group is the master group
If the password column is filled, the string from here will be used as the PEM Key password.
If a override hostname is set it will be used instead of `hostname`
If the ssh key type is set, it will override the default *ed25519* type. This is not recommended. Only *rsa* is allowed. This is for setting up backwards compatible lists.
1: The ID, Username and Group column must be filled.
2: For sub groups add them with a *,* The first group is the master group
3: SSH Access type as: allow/forward. allow is default
4: If the password column is filled, the string from here will be used as the PEM Key password.
5: If a override hostname is set it will be used instead of `hostname`
6: If the ssh key type is set, it will override the default *ed25519* type. Only *rsa* is allowed. This is for setting up backwards compatible lists. Change is not recommended
The ID can be any string in any form.
It can also be left empty. It is not used at the moment
@@ -59,10 +65,11 @@ The file can hold comments. The first character in the line must be a *#*
Example file
```csv
user1;some.name;group-a;;hostname
user2;othername;group-a;;
#user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type
user1;some.name;group-a;allow;;hostname;
user2;othername;group-a;allow;;;
# I am a comment
;username;groupC;setpassword;
;username;groupC;allow;setpassword;;
...
```
@@ -131,7 +138,7 @@ If the public pem file is already provided the output will be a bit different
```txt
++ Create 'some.name:group-a'
< Use existing public ssh key '/root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.pub'
< Use existing public ssh key '/root/users/ssh-keygen-created-pub/hostname#group-a#some.name#ed25519.pem.pub'
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
@@ -187,9 +194,9 @@ The SSH PEM key password can be reset or changed with
To remove the password use this `-N ""`
**NOTE**
If the command is used like this it will be stored in the history file.
For scurity reason it is recommended to not give the -P and -N options when changing the password.
> [!notice]
> If the command is used like this it will be stored in the history file.
> For scurity reason it is recommended to not give the -P and -N options when changing the password
### Missing PUB key
@@ -197,7 +204,7 @@ The public key part can be extracted from the SSH PEM key with
`$> ssh-keygen -y -f [PEM].pem > [PEM].pem.pub`
*[PEM]* is the placeholder for the filename
`[PEM]` is the placeholder for the filename
## Lock and unlock uses