ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug fixes in user create for new ssh key central location

Browse Source 
* Bug with existing ssh key but not in ssh authorized_file
The correct public key location was not set for the existing file

* Bug with attr set on authorzied_file update if central location
If a central location the +i attrib must be removed first
It will set always in the folder rights change

* Change the authorized file group to root for central file location
This commit is contained in:
Clemens Schwaighofer
2023-04-05 13:19:50 +09:00
parent 190b12b288
commit ebf0eaf412
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
bin/create_user.sh
View File

@@ -284,10 +284,10 @@ while read i; do
found=$(grep "$(cat ${ssh_keyfile_check_pub})" ${SSH_AUTHORIZED_FILE});
if [ ! -z "${found}" ]; then
skip_ssh=1;
# override previously set with stored one
ssh_keyfile_pub=${ssh_keyfile_check_pub};
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
else
# override previously set with stored one
ssh_keyfile_pub=${ssh_keyfile_check_pub};
echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
# Password already set notification
fi;
@@ -303,7 +303,7 @@ while read i; do
echo $(date +"%F %T")";"${host}";"${_hostname}";"${username}";"${password}";"${ssh_allow_type} >> ${create_output_file};
# create folder only if we do not have central
# create the SSH foler and authorized access file with correct permissions
if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
if [ ! -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
echo " > Create .ssh folder";
if [ ${TEST} -eq 0 ]; then
mkdir ${HOME_FOLDER}${username}/.ssh/;
@@ -311,12 +311,20 @@ while read i; do
echo "$> mkdir ${HOME_FOLDER}${username}/.ssh/";
fi;
fi;
# add
echo " > Add public into authorized_keys file";
if [ ${TEST} -eq 0 ]; then
if [ ! -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
chattr -i ${SSH_AUTHORIZED_FILE};
fi;
cat "${ssh_keyfile_pub}" > ${SSH_AUTHORIZED_FILE};
else
if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
echo "$> chattr -i ${SSH_AUTHORIZED_FILE}";
fi;
echo "$> cat ${ssh_keyfile_pub} > ${SSH_AUTHORIZED_FILE}";
fi;
# secure
if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
echo " > Secure home directory folder .ssh and authorized_keys file";
if [ ${TEST} -eq 0 ]; then
@@ -331,12 +339,12 @@ while read i; do
else
echo " > Secure central authorized_keys file";
if [ ${TEST} -eq 0 ]; then
chown ${username}:${group} ${SSH_AUTHORIZED_FILE};
chown ${username}:root ${SSH_AUTHORIZED_FILE};
chmod 400 ${SSH_AUTHORIZED_FILE};
# set +i so user can't change file
chattr +i ${SSH_AUTHORIZED_FILE};
else
echo "$> chown ${username}:${group} ${SSH_AUTHORIZED_FILE}";
echo "$> chown ${username}:root ${SSH_AUTHORIZED_FILE}";
echo "$> chmod 400 ${SSH_AUTHORIZED_FILE}";
echo "$> chattr +i ${SSH_AUTHORIZED_FILE}";
fi;