ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update -t test option flow, added -i info option

Browse Source 
-t test will NOT create an ssh key anymore. The user password list file
gets a .TEST extension

-i info is a new option to just show user/group and ssh key name without
creating anything at all.
Can be used to update old public key names to new format
This commit is contained in:
Clemens Schwaighofer
2022-03-10 11:12:18 +09:00
parent 2e8c30a704
commit d13dd08855
3 changed files with 60 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Readme.md
View File

@@ -24,19 +24,31 @@ Inside the base folder there are
* ssh-keygen for temporary holding the PEM/PUB files * ssh-keygen for temporary holding the PEM/PUB files
* zip file which holds the created user list, password and PEM/PUB files * zip file which holds the created user list, password and PEM/PUB files
## Options
### -t (test)
Run in test mode. This will *NOT* create any groups or users. Nor will it create any ssh key files.
`user_password` output file will be written with `.TEST` extension
### -i (info)
Do not created anything at all, just print out info strings
## User list creation ## User list creation
In the `/root/users/` folder there needs to be a file called '*user_list.txt*' In the `/root/users/` folder there needs to be a file called '*user_list.txt*'
This is a CSV type file with the following layout This is a CSV type file with the following layout
ID | Username | Group | Optional Password | Override host name ID | Username | Group | Optional Password | Override host name | Override ssh key type
-|-|-|-|- -|-|-|-|-|-
The ID, Username and Group column must be filled. The ID, Username and Group column must be filled.
For sub groups add them with a *,* The first group is the master group For sub groups add them with a *,* The first group is the master group
If the password column is filled, the string from here will be used as the PEM Key password. If the password column is filled, the string from here will be used as the PEM Key password.
If a override hostname is set it will be used instead of `hostname` If a override hostname is set it will be used instead of `hostname`
If the ssh key type is set, it will override the default *ed25519* type. This is not recommended. Only *rsa* is allowed. This is for setting up backwards compatible lists.
The ID can be any string in any form. The ID can be any string in any form.
It can also be left empty. It is not used at the moment It can also be left empty. It is not used at the moment

63
bin/user_create.sh
View File

@@ -21,12 +21,16 @@
# They pem pub key must follow the set rules above # They pem pub key must follow the set rules above
# SET TO 1 to TEST [will no create user/group/folder] # SET TO 1 to TEST [will no create user/group/folder]
TEST=0; TEST=0; # no creation except ssh keys
while getopts ":t" opt; do INFO=0; # no creation of anything, just print info strings
while getopts ":ti" opt; do
case "${opt}" in case "${opt}" in
t|test) t|test)
TEST=1; TEST=1;
;; ;;
i|info)
INFO=1;
;;
esac; esac;
done; done;
# hostname for output file only # hostname for output file only
@@ -71,7 +75,7 @@ if [ $(stat -c %a .) != "600" ]; then
echo "!!!! RECOMMENDED TO HAVE BASE FOLDER SET TO '600' AND USER 'root' !!!!" echo "!!!! RECOMMENDED TO HAVE BASE FOLDER SET TO '600' AND USER 'root' !!!!"
fi; fi;
if [ $(whoami) != "root" ]; then if [ $(whoami) != "root" ]; then
if [ ${TEST} -eq 0 ]; then if [ ${TEST} -eq 0 ] && [ ${INFO} -eq 0 ]; then
echo "Script must be run as root user"; echo "Script must be run as root user";
exit; exit;
else else
@@ -105,20 +109,17 @@ while read i; do
fi; fi;
# do we have a password preset # do we have a password preset
_password=$(echo "${i}" | cut -d ";" -f 4); _password=$(echo "${i}" | cut -d ";" -f 4);
_ssh_keytype=$(echo "${i}" | cut -d ";" -f 6 | tr A-Z a-z | tr -d ' ');
if [ "${_ssh_keytype}" = "rsa" ]; then
ssh_keytype="${_ssh_keytype}";
echo "[!!] BACKWARDS COMPATIBLE RSA TYPE SELECTION [!!]";
fi;
# user & group not set # user & group not set
if [ -z "${user}" ] || [ -z "${_group}" ]; then if [ -z "${user}" ] || [ -z "${_group}" ]; then
echo "[!!!!!] Missing user or group entry for ${user}/${_group}"; echo "[!!!!!] Missing user or group entry for ${user}/${_group}";
echo "[ABORT RUN]" echo "[*** ABORT RUN ***]"
break; break;
fi; fi;
# add group for each entry in _group
for create_group in ${_group//,/ }; do
if [ ${TEST} -eq 0 ]; then
groupadd -f ${create_group};
else
echo "$> groupadd -f ${create_group}";
fi;
done;
# SSH file name part without folder # SSH file name part without folder
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem"; ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
# the full file including folder name # the full file including folder name
@@ -127,6 +128,20 @@ while read i; do
ssh_keyfile_pub="${ssh_keyfile}.pub"; ssh_keyfile_pub="${ssh_keyfile}.pub";
# check existing pub file # check existing pub file
ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub"; ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
if [ ${INFO} -eq 1 ]; then
echo "User: '${user}:${group}(${sub_group})', SSH: ${ssh_keygen_id}";
continue;
fi;
# add group for each entry in _group
for create_group in ${_group//,/ }; do
if [ ${TEST} -eq 0 ]; then
groupadd -f ${create_group};
else
echo "$> groupadd -f ${create_group}";
fi;
done;
# check if user is not already created # check if user is not already created
if getent passwd ${user} > /dev/null 2>&1; then if getent passwd ${user} > /dev/null 2>&1; then
echo "-- Skip '${user}:${group}(${sub_group})'"; echo "-- Skip '${user}:${group}(${sub_group})'";
@@ -151,11 +166,15 @@ while read i; do
fi; fi;
# create SSH key # create SSH key
echo " > Create ssh key-pair '${ssh_keyfile}'"; echo " > Create ssh key-pair '${ssh_keyfile}'";
ssh-keygen \ if [ ${TEST} -eq 0 ]; then
-t ${ssh_keytype} \ ssh-keygen \
-f "${ssh_keyfile}" \ -t ${ssh_keytype} \
-C "${hostname}: ${user}@${group}" \ -f "${ssh_keyfile}" \
-a 100 -N "${password}" -C "${hostname}: ${user}@${group}" \
-a 100 -N "${password}"
else
echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${user}@${group} -a 100 -N ${password}";
fi;
else else
found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys); found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
if [ ! -z "${found}" ]; then if [ ! -z "${found}" ]; then
@@ -171,7 +190,11 @@ while read i; do
fi; fi;
if [ ${skip_ssh} -eq 0 ]; then if [ ${skip_ssh} -eq 0 ]; then
# write login info to output file # write login info to output file
echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file}; if [ ${TEST} -eq 0 ]; then
echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file};
else
echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file}".TEST";
fi;
# create the SSH foler and authorized access file with correct permissions # create the SSH foler and authorized access file with correct permissions
echo " > Create .ssh folder"; echo " > Create .ssh folder";
if [ ${TEST} -eq 0 ]; then if [ ${TEST} -eq 0 ]; then
@@ -199,6 +222,10 @@ while read i; do
fi; fi;
done; done;
# End before anything because this is just info run
if [ ${INFO} -eq 1 ]; then
exit;
fi;
# zip everything and remove data in ssh key folder, delete output file with passwords # zip everything and remove data in ssh key folder, delete output file with passwords
zip -r \ zip -r \
"${root_folder}${output_zip_folder}${output_zip}" \ "${root_folder}${output_zip_folder}${output_zip}" \

2
user_list.txt-sample
View File

@@ -1 +1 @@
#user_id;user_name;group,subgroup;optional override password;optional override hostname #user_id;user_name;group,subgroup;override password;override hostname;override ssh type