Update AWS user create
Has now -t option to turn test on off via command line. If test is on no user or groups are created, only SSH keys and the zip file. Standard ssh key type is now ed25519 and the password gets set with -a 100 flag. After creation all data is ziped into the zip/ folder for download and all PEM/PUB/password files are deleted from the folder. The old user_zip.sh file has been removed because of this. The script now checks for zip program and zip/ folder existing. Also base folder must be 600 and root set The user list file has an update for host name override after the password file. If this is set then the server hostname will not be used for file names. The file name is also back to include the host name but the type changed to have "#" as separator (can be changed in file) and also ads the ssh key type to the file
This commit is contained in:
Clemens Schwaighofer
130
user_create.sh
130
user_create.sh
@@ -1,130 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# * input file
|
||||
# user_list.txt
|
||||
# <ignored id>;<user name>;<group>[;optional override password]
|
||||
# lines with # are skipped
|
||||
# already created users are skipped
|
||||
# * output file
|
||||
# <date>;<target connect host name>;<username>;<password>
|
||||
# If already existing PEM key is used then <password> is [ALREADY SET]
|
||||
#
|
||||
# * PEM KEY
|
||||
# <group>-<user>.pem
|
||||
# * PUBLIC KEY
|
||||
# <group>-<user>.pem.pub
|
||||
# store in
|
||||
# ssh-keygen/
|
||||
#
|
||||
# If a previously exsting PEM key should be used, put the public pem file
|
||||
# into the ssh-keygen/ folder
|
||||
# They pem pub key must follow the set rules above
|
||||
|
||||
# SET TO 1 to TEST [will no create user/group/folder]
|
||||
TEST=0;
|
||||
# hostname for output file only
|
||||
host=$(hostname);
|
||||
# base folder for all data
|
||||
root_folder=$(pwd)'/';
|
||||
input_file='user_list.txt';
|
||||
output_file='user_password.txt';
|
||||
ssh_keygen_folder='ssh-keygen/';
|
||||
# check if ssh key folder exists
|
||||
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
||||
mkdir "${root_folder}${ssh_keygen_folder}";
|
||||
fi;
|
||||
# check if password generate software is installed
|
||||
if [ ! command -v pwgen &> /dev/null ]; then
|
||||
echo "Missing pwgen application, aborting";
|
||||
exit;
|
||||
fi;
|
||||
# check if user list file exists
|
||||
if [ ! -f "${root_folder}${input_file}" ]; then
|
||||
echo "Missing ${root_folder}${input_file}";
|
||||
exit;
|
||||
fi;
|
||||
# create users
|
||||
cat "${root_folder}${input_file}" |
|
||||
while read i; do
|
||||
# skip rows start with # (comment)
|
||||
if [[ "${i}" =~ ^# ]]; then
|
||||
echo -e "";
|
||||
else
|
||||
user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z);
|
||||
group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z);
|
||||
# user & group not set
|
||||
if [ -z "${user}" ] || [ -z "${group}" ]; then
|
||||
echo "[!!!!!] Missing user or group entry for ${user}/${group}";
|
||||
echo "[ABORT RUN]"
|
||||
break;
|
||||
fi;
|
||||
# do we have a password preset
|
||||
_password=$(echo "${i}" | cut -d ";" -f 4);
|
||||
# add group
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
groupadd -f ${group};
|
||||
else
|
||||
echo "$> groupadd -f ${group}";
|
||||
fi;
|
||||
# SSH key base name (removed ${host}- so we can use it more easy for multi server same key)
|
||||
ssh_keygen_id="${group}-${user}.pem";
|
||||
# check if user is not already created
|
||||
if getent passwd ${user} > /dev/null 2>&1; then
|
||||
echo "-- Skip '${user}:${group}'";
|
||||
else
|
||||
echo "++ Create '${user}:${group}'";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
useradd -s /bin/bash -g ${group} -m ${user};
|
||||
else
|
||||
echo "$> useradd -s /bin/bash -g ${group} -m ${user}";
|
||||
fi;
|
||||
# if public pem already exists skip creation
|
||||
if [ ! -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id}".pub" ]; then
|
||||
# Note we only create a password if we need it
|
||||
# password + store pwgen 10 1 -1
|
||||
if [ -z "${_password}" ]; then
|
||||
password=$(printf "%s" $(pwgen 10 1));
|
||||
else
|
||||
echo "! Override password set";
|
||||
password=${_password};
|
||||
fi;
|
||||
# create SSH key
|
||||
echo " > Create ssh key-pair '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}'";
|
||||
ssh-keygen -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id} -C "${host}: ${user}@${group}" -N "${password}"
|
||||
else
|
||||
echo " < Use existing public ssh key '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}.pub'";
|
||||
# Password already set notification
|
||||
password="[ALREADY SET]";
|
||||
fi;
|
||||
# write login info to output file
|
||||
echo $(date +"%F %T")";"${host}";"${user}";"${password} >> ${root_folder}${output_file};
|
||||
# create the SSH foler and authorized access file with correct permissions
|
||||
echo " > Create .ssh folder";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
mkdir /home/${user}/.ssh/;
|
||||
else
|
||||
echo "$> mkdir /home/${user}/.ssh/";
|
||||
fi;
|
||||
echo " > Add public into authorized_keys";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys;
|
||||
else
|
||||
echo "$> cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys";
|
||||
fi;
|
||||
echo " > Secure folder .ssh and authorized_keys file";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
chown -R ${user}:${group} /home/${user}/.ssh/;
|
||||
chmod 700 /home/${user}/.ssh/;
|
||||
chmod 600 /home/${user}/.ssh/authorized_keys;
|
||||
else
|
||||
echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
|
||||
echo "$> chmod 700 /home/${user}/.ssh/";
|
||||
echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
|
||||
fi;
|
||||
fi;
|
||||
fi;
|
||||
done;
|
||||
|
||||
if [ -f "${root_folder}${output_file}" ]; then
|
||||
chmod 600 ${root_folder}${output_file};
|
||||
fi;
|
||||
Reference in New Issue
Block a user