Update user creation with keeping public key on the server
With this I can check if I have added that key already to avoid ssh key double creations
This commit is contained in:
Clemens Schwaighofer
@@ -11,7 +11,7 @@ The folder holding the script must be owned by *root* and have *600* permissions
|
|||||||
|
|
||||||
```sh
|
```sh
|
||||||
cd /root/
|
cd /root/
|
||||||
git clone http://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
|
git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
|
||||||
chown root. users
|
chown root. users
|
||||||
chgrp 600 users
|
chgrp 600 users
|
||||||
```
|
```
|
||||||
@@ -52,9 +52,7 @@ user2;othername;group-a;;
|
|||||||
|
|
||||||
### User with existing PEM key
|
### User with existing PEM key
|
||||||
|
|
||||||
If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder
|
If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder `ssh-keygen-created-pub`
|
||||||
|
|
||||||
If the folder `ssh-keygen` does not exist, the folder is automatically created as a sub folder to the folder where the '*user_list.txt*' is located. An additional `zip` folder is created that will hold the current run created user data.
|
|
||||||
|
|
||||||
The public PEM key file format is as followed
|
The public PEM key file format is as followed
|
||||||
|
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ output_file="user_password.${timesamp}.txt";
|
|||||||
output_zip_folder='zip/';
|
output_zip_folder='zip/';
|
||||||
output_zip="users.${timesamp}.zip"
|
output_zip="users.${timesamp}.zip"
|
||||||
ssh_keygen_folder='ssh-keygen/';
|
ssh_keygen_folder='ssh-keygen/';
|
||||||
|
ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
|
||||||
ssh_keytype='ed25519';
|
ssh_keytype='ed25519';
|
||||||
# check if ssh key folder exists
|
# check if ssh key folder exists
|
||||||
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
||||||
@@ -122,6 +123,10 @@ while read i; do
|
|||||||
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
|
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
|
||||||
# the full file including folder name
|
# the full file including folder name
|
||||||
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
|
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
|
||||||
|
# publ file if new
|
||||||
|
ssh_keyfile_pub="${ssh_keyfile}.pub";
|
||||||
|
# check existing pub file
|
||||||
|
ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
|
||||||
# check if user is not already created
|
# check if user is not already created
|
||||||
if getent passwd ${user} > /dev/null 2>&1; then
|
if getent passwd ${user} > /dev/null 2>&1; then
|
||||||
echo "-- Skip '${user}:${group}(${sub_group})'";
|
echo "-- Skip '${user}:${group}(${sub_group})'";
|
||||||
@@ -135,7 +140,7 @@ while read i; do
|
|||||||
fi;
|
fi;
|
||||||
skip_ssh=0;
|
skip_ssh=0;
|
||||||
# if public pem already exists skip creation
|
# if public pem already exists skip creation
|
||||||
if [ ! -f "${ssh_keyfile}.pub" ]; then
|
if [ ! -f "${ssh_keyfile_check_pub}" ]; then
|
||||||
# Note we only create a password if we need it
|
# Note we only create a password if we need it
|
||||||
# password + store pwgen 10 1 -1
|
# password + store pwgen 10 1 -1
|
||||||
if [ -z "${_password}" ]; then
|
if [ -z "${_password}" ]; then
|
||||||
@@ -152,15 +157,17 @@ while read i; do
|
|||||||
-C "${hostname}: ${user}@${group}" \
|
-C "${hostname}: ${user}@${group}" \
|
||||||
-a 100 -N "${password}"
|
-a 100 -N "${password}"
|
||||||
else
|
else
|
||||||
found=$(grep "$(cat ${ssh_keyfile}.pub)" /home/${user}/.ssh/authorized_keys);
|
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
|
||||||
if [ ! -z "${found}" ]; then
|
if [ ! -z "${found}" ]; then
|
||||||
skip_ssh=1;
|
skip_ssh=1;
|
||||||
|
# override previously set with stored one
|
||||||
|
ssh_keyfile_pub=${ssh_keyfile_check_pub};
|
||||||
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
|
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
|
||||||
else
|
else
|
||||||
echo " < Use existing public ssh key '${ssh_keyfile}.pub'";
|
echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
|
||||||
# Password already set notification
|
# Password already set notification
|
||||||
password="[ALREADY SET]";
|
|
||||||
fi;
|
fi;
|
||||||
|
password="[ALREADY SET]";
|
||||||
fi;
|
fi;
|
||||||
if [ ${skip_ssh} -eq 0 ]; then
|
if [ ${skip_ssh} -eq 0 ]; then
|
||||||
# write login info to output file
|
# write login info to output file
|
||||||
@@ -174,9 +181,9 @@ while read i; do
|
|||||||
fi;
|
fi;
|
||||||
echo " > Add public into authorized_keys";
|
echo " > Add public into authorized_keys";
|
||||||
if [ ${TEST} -eq 0 ]; then
|
if [ ${TEST} -eq 0 ]; then
|
||||||
cat "${ssh_keyfile}.pub" > /home/${user}/.ssh/authorized_keys;
|
cat "${ssh_keyfile_pub}" > /home/${user}/.ssh/authorized_keys;
|
||||||
else
|
else
|
||||||
echo "$> cat ${ssh_keyfile}.pub > /home/${user}/.ssh/authorized_keys";
|
echo "$> cat ${ssh_keyfile_pub} > /home/${user}/.ssh/authorized_keys";
|
||||||
fi;
|
fi;
|
||||||
echo " > Secure folder .ssh and authorized_keys file";
|
echo " > Secure folder .ssh and authorized_keys file";
|
||||||
if [ ${TEST} -eq 0 ]; then
|
if [ ${TEST} -eq 0 ]; then
|
||||||
@@ -202,9 +209,13 @@ zip -r \
|
|||||||
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
|
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
|
||||||
# cleam up user log file and ssh keys
|
# cleam up user log file and ssh keys
|
||||||
if [ ${TEST} -eq 0 ]; then
|
if [ ${TEST} -eq 0 ]; then
|
||||||
|
# move pub to created folders
|
||||||
|
mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
|
||||||
|
# delete the rest
|
||||||
rm "${root_folder}${output_file}";
|
rm "${root_folder}${output_file}";
|
||||||
rm "${root_folder}${ssh_keygen_folder}"*;
|
rm "${root_folder}${ssh_keygen_folder}"*;
|
||||||
else
|
else
|
||||||
|
echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
|
||||||
echo "$> rm ${root_folder}${output_file}";
|
echo "$> rm ${root_folder}${output_file}";
|
||||||
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
|
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
|
||||||
fi;
|
fi;
|
||||||
|
|||||||
2
ssh-keygen-created-pub/.gitignore
vendored
Normal file
2
ssh-keygen-created-pub/.gitignore
vendored
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
*
|
||||||
|
!.gitignore
|
||||||
Reference in New Issue
Block a user