Update user creation with keeping public key on the server
With this I can check if I have added that key already to avoid ssh key double creations
This commit is contained in:
Clemens Schwaighofer
@@ -11,7 +11,7 @@ The folder holding the script must be owned by *root* and have *600* permissions
|
||||
|
||||
```sh
|
||||
cd /root/
|
||||
git clone http://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
|
||||
git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
|
||||
chown root. users
|
||||
chgrp 600 users
|
||||
```
|
||||
@@ -52,9 +52,7 @@ user2;othername;group-a;;
|
||||
|
||||
### User with existing PEM key
|
||||
|
||||
If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder
|
||||
|
||||
If the folder `ssh-keygen` does not exist, the folder is automatically created as a sub folder to the folder where the '*user_list.txt*' is located. An additional `zip` folder is created that will hold the current run created user data.
|
||||
If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder `ssh-keygen-created-pub`
|
||||
|
||||
The public PEM key file format is as followed
|
||||
|
||||
|
||||
@@ -41,6 +41,7 @@ output_file="user_password.${timesamp}.txt";
|
||||
output_zip_folder='zip/';
|
||||
output_zip="users.${timesamp}.zip"
|
||||
ssh_keygen_folder='ssh-keygen/';
|
||||
ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
|
||||
ssh_keytype='ed25519';
|
||||
# check if ssh key folder exists
|
||||
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
||||
@@ -122,6 +123,10 @@ while read i; do
|
||||
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
|
||||
# the full file including folder name
|
||||
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
|
||||
# publ file if new
|
||||
ssh_keyfile_pub="${ssh_keyfile}.pub";
|
||||
# check existing pub file
|
||||
ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
|
||||
# check if user is not already created
|
||||
if getent passwd ${user} > /dev/null 2>&1; then
|
||||
echo "-- Skip '${user}:${group}(${sub_group})'";
|
||||
@@ -135,7 +140,7 @@ while read i; do
|
||||
fi;
|
||||
skip_ssh=0;
|
||||
# if public pem already exists skip creation
|
||||
if [ ! -f "${ssh_keyfile}.pub" ]; then
|
||||
if [ ! -f "${ssh_keyfile_check_pub}" ]; then
|
||||
# Note we only create a password if we need it
|
||||
# password + store pwgen 10 1 -1
|
||||
if [ -z "${_password}" ]; then
|
||||
@@ -152,15 +157,17 @@ while read i; do
|
||||
-C "${hostname}: ${user}@${group}" \
|
||||
-a 100 -N "${password}"
|
||||
else
|
||||
found=$(grep "$(cat ${ssh_keyfile}.pub)" /home/${user}/.ssh/authorized_keys);
|
||||
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
|
||||
if [ ! -z "${found}" ]; then
|
||||
skip_ssh=1;
|
||||
# override previously set with stored one
|
||||
ssh_keyfile_pub=${ssh_keyfile_check_pub};
|
||||
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
|
||||
else
|
||||
echo " < Use existing public ssh key '${ssh_keyfile}.pub'";
|
||||
echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
|
||||
# Password already set notification
|
||||
password="[ALREADY SET]";
|
||||
fi;
|
||||
password="[ALREADY SET]";
|
||||
fi;
|
||||
if [ ${skip_ssh} -eq 0 ]; then
|
||||
# write login info to output file
|
||||
@@ -174,9 +181,9 @@ while read i; do
|
||||
fi;
|
||||
echo " > Add public into authorized_keys";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
cat "${ssh_keyfile}.pub" > /home/${user}/.ssh/authorized_keys;
|
||||
cat "${ssh_keyfile_pub}" > /home/${user}/.ssh/authorized_keys;
|
||||
else
|
||||
echo "$> cat ${ssh_keyfile}.pub > /home/${user}/.ssh/authorized_keys";
|
||||
echo "$> cat ${ssh_keyfile_pub} > /home/${user}/.ssh/authorized_keys";
|
||||
fi;
|
||||
echo " > Secure folder .ssh and authorized_keys file";
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
@@ -202,9 +209,13 @@ zip -r \
|
||||
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
|
||||
# cleam up user log file and ssh keys
|
||||
if [ ${TEST} -eq 0 ]; then
|
||||
# move pub to created folders
|
||||
mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
|
||||
# delete the rest
|
||||
rm "${root_folder}${output_file}";
|
||||
rm "${root_folder}${ssh_keygen_folder}"*;
|
||||
else
|
||||
echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
|
||||
echo "$> rm ${root_folder}${output_file}";
|
||||
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
|
||||
fi;
|
||||
|
||||
2
ssh-keygen-created-pub/.gitignore
vendored
Normal file
2
ssh-keygen-created-pub/.gitignore
vendored
Normal file
@@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
||||
Reference in New Issue
Block a user