User creation scripts for aws servers

2021-12-14 06:50:13 +09:00
commit 95451f2e46
3 changed files with 338 additions and 0 deletions
--- a/user_create.sh
+++ b/user_create.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+
+# * input file
+# user_list.txt
+# <ignored id>;<user name>;<group>[;optional override password]
+# lines with # are skipped
+# already created users are skipped
+# * output file
+# <date>;<target connect host name>;<username>;<password>
+# If already existing PEM key is used then <password> is [ALREADY SET]
+#
+# * PEM KEY
+# <group>-<user>.pem
+# * PUBLIC KEY
+# <group>-<user>.pem.pub
+# store in
+# ssh-keygen/
+#
+# If a previously exsting PEM key should be used, put the public pem file
+# into the ssh-keygen/ folder
+# They pem pub key must follow the set rules above
+
+# SET TO 1 to TEST [will no create user/group/folder]
+TEST=0;
+# hostname for output file only
+host=$(hostname);
+# base folder for all data
+root_folder=$(pwd)'/';
+input_file='user_list.txt';
+output_file='user_password.txt';
+ssh_keygen_folder='ssh-keygen/';
+# check if ssh key folder exists
+if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
+	mkdir "${root_folder}${ssh_keygen_folder}";
+fi;
+# check if password generate software is installed
+if [ ! command -v pwgen &> /dev/null ]; then
+	echo "Missing pwgen application, aborting";
+	exit;
+fi;
+# check if user list file exists
+if [ ! -f "${root_folder}${input_file}" ]; then
+	echo "Missing ${root_folder}${input_file}";
+	exit;
+fi;
+# create users
+cat "${root_folder}${input_file}" |
+while read i; do
+	# skip rows start with # (comment)
+	if [[ "${i}" =~ ^# ]]; then
+		echo -e "";
+	else
+		user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z);
+		group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z);
+		# user & group not set
+		if [ -z "${user}" ] || [ -z "${group}" ]; then
+			echo "[!!!!!] Missing user or group entry for ${user}/${group}";
+			echo "[ABORT RUN]"
+			break;
+		fi;
+		# do we have a password preset
+		_password=$(echo "${i}" | cut -d ";" -f 4);
+		# add group
+		if [ ${TEST} -eq 0 ]; then
+			groupadd -f ${group};
+		else
+			echo "$> groupadd -f ${group}";
+		fi;
+		# SSH key base name (removed ${host}- so we can use it more easy for multi server same key)
+		ssh_keygen_id="${group}-${user}.pem";
+		# check if user is not already created
+		if getent passwd ${user} > /dev/null 2>&1; then
+			echo "-- Skip '${user}:${group}'";
+		else
+			echo "++ Create '${user}:${group}'";
+			if [ ${TEST} -eq 0 ]; then
+				useradd -s /bin/bash -g ${group} -m ${user};
+			else
+				echo "$> useradd -s /bin/bash -g ${group} -m ${user}";
+			fi;
+			# if public pem already exists skip creation
+			if [ ! -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id}".pub" ]; then
+				# Note we only create a password if we need it
+				# password + store pwgen 10 1 -1
+				if [ -z "${_password}" ]; then
+					password=$(printf "%s" $(pwgen 10 1));
+				else
+					echo "! Override password set";
+					password=${_password};
+				fi;
+				# create SSH key
+				echo " > Create ssh key-pair '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}'";
+				ssh-keygen -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id} -C "${host}: ${user}@${group}" -N "${password}"
+			else
+				echo " < Use existing public ssh key '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}.pub'";
+				# Password already set notification
+				password="[ALREADY SET]";
+			fi;
+			# write login info to output file
+			echo $(date +"%F %T")";"${host}";"${user}";"${password} >> ${root_folder}${output_file};
+			# create the SSH foler and authorized access file with correct permissions
+			echo " > Create .ssh folder";
+			if [ ${TEST} -eq 0 ]; then
+				mkdir /home/${user}/.ssh/;
+			else
+				echo "$> mkdir /home/${user}/.ssh/";
+			fi;
+			echo " > Add public into authorized_keys";
+			if [ ${TEST} -eq 0 ]; then
+				cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys;
+			else
+				echo "$> cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys";
+			fi;
+			echo " > Secure folder .ssh and authorized_keys file";
+			if [ ${TEST} -eq 0 ]; then
+				chown -R ${user}:${group} /home/${user}/.ssh/;
+				chmod 700 /home/${user}/.ssh/;
+				chmod 600 /home/${user}/.ssh/authorized_keys;
+			else
+				echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
+				echo "$> chmod 700 /home/${user}/.ssh/";
+				echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
+			fi;
+		fi;
+	fi;
+done;
+
+if [ -f "${root_folder}${output_file}" ]; then
+	chmod 600 ${root_folder}${output_file};
+fi;