Add ignore from file for authorized keys move

admin/ubuntu/ec2-user keys must move too, but the folders don't get
auto removed

.gitignore

@@ -1,3 +1,3 @@
 user_list.txt
-user_password*.txt
+user_password*.txt*
 *.zip

bin/authorized_key_location_change.sh

@@ -0,0 +1,181 @@
+#!/usr/bin/env bash
+
+# check if we need to move the users authorized keys to the central location
+
+TEST=1;
+LIST=0;
+SKIP_USERS=();
+while getopts ":gls:" opt; do
+	case "${opt}" in
+		g|go)
+			# default we
+			TEST=0;
+			;;
+		s|skip)
+			SKIP_USERS+=("${OPTARG}");
+			;;
+		l|list)
+			LIST=1;
+			;;
+		\?)
+			echo -e "\n Option does not exist: ${OPTARG}\n";
+			echo "Use -g for go (run) and -s <user> for users to skip";
+			exit 1;
+			;;
+	esac;
+done;
+
+# check if authorized keys is actually enabled
+# detect ssh authorized_keys setting
+SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
+SSH_MASTER_AUTHORIZED_FILE='';
+SSH_AUTHORIZED_FILE='';
+for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep "%u"); do
+	if [ ! -z $(echo "${cf}" | grep "%u") ]; then
+		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=$(echo "${cf}" | sed -e 's/%u//');
+		if [ ! -d "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+			echo "ssh central authorized_file folder could not be found: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
+			exit;
+		fi;
+	fi;
+done;
+if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+	echo "No central authorized_keys file detected, no change check needed";
+	exit;
+fi;
+for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep -- "--master"); do
+	if [ ! -z $(echo "${cf}" | grep -- "--master") ]; then
+		SSH_MASTER_AUTHORIZED_FILE="${cf}";
+		if [ ! -f "${SSH_MASTER_AUTHORIZED_FILE}" ]; then
+			echo "ssh master authorized_file could not be found: ${SSH_MASTER_AUTHORIZED_FILE}"l
+			exit;
+		fi;
+	fi;
+done;
+if [ -z "${SSH_MASTER_AUTHORIZED_FILE}" ]; then
+	echo "No master authorized_key file detected, no change check needed";
+	exit;
+fi;
+echo "SSH Master Authorized Key file: ${SSH_MASTER_AUTHORIZED_FILE}";
+echo "SSH Authorized Keys file folder: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
+
+if [ ${LIST} -eq 1 ]; then
+	ls -l "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
+	lsattr "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
+	exit;
+fi;
+
+# base folder
+BASE_FOLDER=$(dirname $(readlink -f $0))"/";
+# output printf
+PRINTF_INFO="%-8s [%3s]: %-25s: %s\n";
+# list of user accounts we will never touch
+NO_ACTION=(root);
+# move, but must check that master is set
+# master key is the first in the authorized keys list for the below users
+MASTER_KEY=(admin ec2-user ubuntu);
+# skip user file
+IGNORE_USER_FILE="../config/authorized_key_location_change.ignore"
+# list of users to skip from file
+IGNORE_USER=();
+
+if [ -f "${BASE_FOLDER}${IGNORE_USER_FILE}" ]; then
+	readarray -t IGNORE_USER < "${BASE_FOLDER}${IGNORE_USER_FILE}";
+	echo "Reading ${IGNORE_USER_FILE}";
+fi;
+
+# loop over passwd file
+# if not in no action then check if .ssh/authorized_keys file exists
+cat /etc/passwd | cut -d ":" -f 1,6 |
+while read user_home; do
+	username=$(echo "${user_home}" | cut -d ":" -f 1);
+	master_user=0;
+	# skip admin usernames
+	if [[ " ${NO_ACTION[*]} " =~ " ${username} " ]]; then
+		printf "${PRINTF_INFO}" "NO ACT" "!" "${username}" "user in NO ACTION list";
+		continue;
+	fi;
+	if [[ " ${SKIP_USERS[*]} " =~ " ${username} " ]]; then
+		printf "${PRINTF_INFO}" "SKIP" "*" "${username}" "skip forced via command line";
+		continue;
+	fi;
+	if [[ " ${IGNORE_USER[*]} " =~ " ${username} " ]]; then
+		printf "${PRINTF_INFO}" "SKIP" "**" "${username}" "skip from ignore config file";
+		continue;
+	fi;
+	home_folder=$(echo "${user_home}" | cut -d ":" -f 2);
+	# skip no .ssh/authorized_ekys
+	if [ ! -f "${home_folder}/.ssh/authorized_keys" ]; then
+		# but do we have an auth folder, if yes -> exist skip
+		if [ -f "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}" ]; then
+			printf "${PRINTF_INFO}" "DONE" "." "${username}" "already moved";
+		else
+			printf "${PRINTF_INFO}" "IGNORE" "?" "${username}" "no authorized_keys file";
+		fi;
+		continue;
+	fi;
+	# check those keys are in the master key list
+	if [[ " ${MASTER_KEY[*]} " =~ " ${username} " ]]; then
+		master_user=1;
+		ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_MASTER_AUTHORIZED_FILE}");
+		if [ ! -z "${ssh_key_diff}" ]; then
+			printf "${PRINTF_INFO}" "ABORT" "!!!" "${username}" "authorized key is not matching the master key file";
+			exit;
+		fi;
+	fi;
+	# check if this user public key(s) exist in AuthorizedKeysFile target
+	if [ -f "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}" ]; then
+		ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}");
+		if [ -z "${ssh_key_diff}" ]; then
+			printf "${PRINTF_INFO}" "REMOVE" "-" "${username}" ".ssh/authorized_keys";
+			if [ ${master_user} -eq 0 ]; then
+				if [ ${TEST} -eq 0 ]; then
+					rm "${home_folder}/.ssh/authorized_keys";
+				else
+					echo "$> rm \"${home_folder}/.ssh/authorized_keys\"";
+				fi;
+			else
+				echo "[!] No delete for master user, must be done manually";
+			fi;
+			continue;
+		fi;
+		# No update, alert
+		printf "${PRINTF_INFO}" "DIFF" "???" "${username}" "Different authorized keys in home dir, SKIPPED";
+		continue;
+	fi;
+	printf "${PRINTF_INFO}" "MOVE" ">" "${username}" "Move SSH Key to central location";
+	# move public keys over
+	if [ ${TEST} -eq 0 ]; then
+		cat "${home_folder}/.ssh/authorized_keys" > "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
+		# secure new folder: chown/chmod/chattr
+		chown ${username} "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
+		chmod 400 "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
+		chattr +i "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}";
+		# confirm
+		ssh_key_diff=$(diff -u "${home_folder}/.ssh/authorized_keys" "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}");
+		if [ ! -z "${ssh_key_diff}" ]; then
+			printf "${PRINTF_INFO}" "ERROR" "!!!" "${username}" "Move problem ${ssh_key_diff}";
+			break;
+		fi;
+		# remove home .ssh/authorized_keys (do not remove folder)
+		if [ ${master_user} -eq 0 ]; then
+			rm "${home_folder}/.ssh/authorized_keys";
+		else
+			echo "=> No delete for master user, must be done manually";
+		fi;
+	else
+		echo "[START] ====>";
+		echo "$> cat \"${home_folder}/.ssh/authorized_keys\" > \"${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}\"";
+		echo "$> chown ${username} \"${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}\"";
+		echo "$> chmod 400 \"${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}\"";
+		echo "$> chattr +i \"${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}/${username}\"";
+		if [ ${master_user} -eq 0 ]; then
+			echo "$> rm \"${home_folder}/.ssh/authorized_keys\"";
+		else
+			echo "[!] No delete for master user, must be done manually";
+		fi;
+		echo "[END  ] ====>";
+	fi;
+done;
+
+# __END__

bin/create_user.sh

@@ -27,7 +27,7 @@
 # SET TO 1 to TEST [will not create user/group/folder]
 TEST=0; # no creation except ssh keys
 INFO=0; # no creation of anything, just print info strings
-while getopts ":ti" opt; do
+while getopts ":tih:" opt; do
 	case "${opt}" in
 		t|test)
 			TEST=1;
@@ -35,9 +35,13 @@ while getopts ":ti" opt; do
 		i|info)
 			INFO=1;
 			;;
+		h|home)
+			HOME_LOCATION="${OPTARG}";
+			;;
 		\?)
 			echo -e "\n Option does not exist: ${OPTARG}\n";
 			echo "Use -t for test and -i for info";
+			echo "Override default /home/ folder location with -h <base>";
 			exit 1;
 			;;
 	esac;
@@ -48,28 +52,68 @@ timestamp=$(date +%Y%m%d-%H%M%S)
 # character to set getween info blocks
 separator="#";
 # base folder for all data
-# root_folder=$(pwd)'/';
 BASE_FOLDER=$(dirname $(readlink -f $0))"/";
-root_folder="${BASE_FOLDER}../";
+# home folder is always thome
+HOME_BASE="/home/";
+# config location
+CONFIG_BASE="${BASE_FOLDER}../config/";
+# check config folder for .env file with HOME_LOCATION
+# only use if HOME_LOCATION not yet set
+if [ -z "${HOME_LOCATION}" ] && [ -f "${CONFIG_BASE}create_user.cfg" ]; then
+	source <(grep = ${CONFIG_BASE}create_user.cfg | sed 's/ *= */=/g')
+fi;
+
+if [ ! -z "${HOME_LOCATION}" ]; then
+	# must start with / as it has to be from root
+	if [ "${HOME_LOCATION##/*}" ]; then
+		echo "Home location folder must start with a slash (/): ${HOME_LOCATION}";
+		exit;
+	fi;
+	# must be valid folder
+	if [ ! -d "${HOME_LOCATION}" ]; then
+		echo "Folder for home location does not exists: ${HOME_LOCATION}";
+		exit;
+	fi;
+fi;
+# the new location for home, if override is set will be created in this folder
+HOME_FOLDER="${HOME_LOCATION}${HOME_BASE}"
+if [ ! -d "${HOME_FOLDER}" ]; then
+	echo "Home folder location not found: ${HOME_FOLDER}";
+	exit;
+fi;
+ROOT_FOLDER="${BASE_FOLDER}../";
 input_file='user_list.txt';
 output_file="user_password.${timestamp}.txt";
 output_zip_folder='zip/';
 output_zip="users.${timestamp}.zip"
-ssh_keygen_folder='ssh-keygen/';
-ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
+SSH_KEYGEN_FOLDER='ssh-keygen/';
+SSH_KEYGEN_FOLDER_CREATED_PUB='ssh-keygen-created-pub/';
 # set default key tpye
 default_ssh_keytype='ed25519';
 ssh_keytype='';
 # sshallow or sshforward
 ssh_group='';
 ssh_forward_ok=0;
+# detect ssh authorized_keys setting
+SSH_CENTRAL_AUTHORIZED_FILE_FOLDER='';
+SSH_AUTHORIZED_FILE='';
+for cf in $(grep "^AuthorizedKeysFile" /etc/ssh/sshd_config | grep "%u"); do
+	if [ ! -z $(echo "${cf}" | grep "%u") ]; then
+		SSH_CENTRAL_AUTHORIZED_FILE_FOLDER=$(echo "${cf}" | sed -e 's/%u//');
+		if [ ! -d "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+			echo "ssh central authorized_file folder could not be found: ${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}";
+			exit;
+		fi;
+	fi;
+done;
+
 # check if ssh key folder exists
-if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
-	mkdir "${root_folder}${ssh_keygen_folder}";
+if [ ! -d "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}" ]; then
+	mkdir "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}";
 fi;
 # check if zip folder is missing
-if [ ! -d "${root_folder}${output_zip_folder}" ]; then
-	mkdir "${root_folder}${output_zip_folder}";
+if [ ! -d "${ROOT_FOLDER}${output_zip_folder}" ]; then
+	mkdir "${ROOT_FOLDER}${output_zip_folder}";
 fi;
 # check if password generate software is installed
 # if [ ! command -v pwgen &> /dev/null ]; then
@@ -93,8 +137,8 @@ if [ ! -z $(cat /etc/group | grep "sshforward:") ]; then
 	ssh_forward_ok=1;
 fi;
 # check if user list file exists
-if [ ! -f "${root_folder}${input_file}" ]; then
-	echo "Missing ${root_folder}${input_file}";
+if [ ! -f "${ROOT_FOLDER}${input_file}" ]; then
+	echo "Missing ${ROOT_FOLDER}${input_file}";
 	exit;
 fi;
 # make sure my own folder is owned by root and 600 (except for testing)
@@ -110,7 +154,7 @@ if [ $(whoami) != "root" ]; then
 	fi;
 fi;
 # create users
-cat "${root_folder}${input_file}" |
+cat "${ROOT_FOLDER}${input_file}" |
 while read i; do
 	# skip rows start with # (comment)
 	if [[ "${i}" =~ ^\# ]]; then
@@ -167,11 +211,11 @@ while read i; do
 	# SSH file name part without folder
 	ssh_keygen_id="${hostname}${separator}${group}${separator}${username}${separator}${ssh_keytype}.pem";
 	# the full file including folder name
-	ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
+	ssh_keyfile="${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}${ssh_keygen_id}";
 	# publ file if new
 	ssh_keyfile_pub="${ssh_keyfile}.pub";
 	# check existing pub file
-	ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
+	ssh_keyfile_check_pub="${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}${ssh_keygen_id}.pub";
 
 	if [ ${INFO} -eq 1 ]; then
 		# test if pub file exists or not, test if user exists
@@ -203,11 +247,17 @@ while read i; do
 		echo "++ Create '${username}:${group}(${sub_group})'";
 		if [ ${TEST} -eq 0 ]; then
 			# comment is user create time
-			useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -m ${username};
+			useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username};
 		else
-			echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${username}";
+			echo "$> useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -d "${HOME_FOLDER}${username}" -m ${username}";
 		fi;
 	fi;
+	# set the auth file
+	if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+		SSH_AUTHORIZED_FILE="${HOME_FOLDER}${username}/.ssh/authorized_keys";
+	else
+		SSH_AUTHORIZED_FILE="${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}${username}";
+	fi;
 	skip_ssh=0;
 	# if public pem already exists skip creation
 	if [ ! -f "${ssh_keyfile_check_pub}" ]; then
@@ -231,13 +281,16 @@ while read i; do
 			echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${username}@${group} -a 100 -N ${password}";
 		fi;
 	else
-		found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${username}/.ssh/authorized_keys);
+		found='';
+		if [ -f "${SSH_AUTHORIZED_FILE}" ]; then
+			found=$(grep "$(cat ${ssh_keyfile_check_pub})" ${SSH_AUTHORIZED_FILE});
+		fi;
 		if [ ! -z "${found}" ]; then
 			skip_ssh=1;
-			# override previously set with stored one
-			ssh_keyfile_pub=${ssh_keyfile_check_pub};
 			echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
 		else
+			# override previously set with stored one
+			ssh_keyfile_pub=${ssh_keyfile_check_pub};
 			echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
 			# Password already set notification
 		fi;
@@ -246,33 +299,64 @@ while read i; do
 	if [ ${skip_ssh} -eq 0 ]; then
 		# write login info to output file
 		if [ ${TEST} -eq 0 ]; then
-			create_output_file="${root_folder}${output_file}";
+			create_output_file="${ROOT_FOLDER}${output_file}";
 		else
-			create_output_file="${root_folder}${output_file}.TEST";
+			create_output_file="${ROOT_FOLDER}${output_file}.TEST";
 		fi;
 		echo $(date +"%F %T")";"${host}";"${_hostname}";"${username}";"${password}";"${ssh_allow_type} >> ${create_output_file};
+		# create folder only if we do not have central
 		# create the SSH foler and authorized access file with correct permissions
-		echo " > Create .ssh folder";
-		if [ ${TEST} -eq 0 ]; then
-			mkdir /home/${username}/.ssh/;
-		else
-			echo "$> mkdir /home/${username}/.ssh/";
+		if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+			echo " > Create .ssh folder";
+			if [ ${TEST} -eq 0 ]; then
+				mkdir ${HOME_FOLDER}${username}/.ssh/;
+			else
+				echo "$> mkdir ${HOME_FOLDER}${username}/.ssh/";
+			fi;
 		fi;
-		echo " > Add public into authorized_keys";
+		# add
+		echo " > Add public into authorized_keys file";
 		if [ ${TEST} -eq 0 ]; then
-			cat "${ssh_keyfile_pub}" > /home/${username}/.ssh/authorized_keys;
+			if
+				[ ! -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ] &&
+				[ -f "${SSH_AUTHORIZED_FILE}" ];
+			then
+				chattr -i ${SSH_AUTHORIZED_FILE};
+			fi;
+			cat "${ssh_keyfile_pub}" > ${SSH_AUTHORIZED_FILE};
 		else
-			echo "$> cat ${ssh_keyfile_pub} > /home/${username}/.ssh/authorized_keys";
+			if
+				[ ! -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ] &&
+				[ -f "${SSH_AUTHORIZED_FILE}" ];
+			then
+				echo "$> chattr -i ${SSH_AUTHORIZED_FILE}";
+			fi;
+			echo "$> cat ${ssh_keyfile_pub} > ${SSH_AUTHORIZED_FILE}";
 		fi;
-		echo " > Secure folder .ssh and authorized_keys file";
-		if [ ${TEST} -eq 0 ]; then
-			chown -R ${username}:${group} /home/${username}/.ssh/;
-			chmod 700 /home/${username}/.ssh/;
-			chmod 600 /home/${username}/.ssh/authorized_keys;
+		# secure
+		if [ -z "${SSH_CENTRAL_AUTHORIZED_FILE_FOLDER}" ]; then
+			echo " > Secure home directory folder .ssh and authorized_keys file";
+			if [ ${TEST} -eq 0 ]; then
+				chown -R ${username}:${group} ${HOME_FOLDER}${username}/.ssh/;
+				chmod 700 ${HOME_FOLDER}${username}/.ssh/;
+				chmod 600 ${SSH_AUTHORIZED_FILE};
+			else
+				echo "$> chown -R ${username}:${group} ${HOME_FOLDER}${username}/.ssh/";
+				echo "$> chmod 700 ${HOME_FOLDER}${username}/.ssh/";
+				echo "$> chmod 600 ${SSH_AUTHORIZED_FILE}";
+			fi;
 		else
-			echo "$> chown -R ${username}:${group} /home/${username}/.ssh/";
-			echo "$> chmod 700 /home/${username}/.ssh/";
-			echo "$> chmod 600 /home/${username}/.ssh/authorized_keys";
+			echo " > Secure central authorized_keys file";
+			if [ ${TEST} -eq 0 ]; then
+				chown ${username}:root ${SSH_AUTHORIZED_FILE};
+				chmod 400 ${SSH_AUTHORIZED_FILE};
+				# set +i so user can't change file
+				chattr +i ${SSH_AUTHORIZED_FILE};
+			else
+				echo "$> chown ${username}:root ${SSH_AUTHORIZED_FILE}";
+				echo "$> chmod 400 ${SSH_AUTHORIZED_FILE}";
+				echo "$> chattr +i ${SSH_AUTHORIZED_FILE}";
+			fi;
 		fi;
 	fi;
 done;
@@ -282,24 +366,33 @@ if [ ${INFO} -eq 1 ]; then
 	exit;
 fi;
 # zip everything and remove data in ssh key folder, delete output file with passwords
-zip -r \
-	"${root_folder}${output_zip_folder}${output_zip}" \
-	"${input_file}" \
-	"${output_file}" \
-	"${ssh_keygen_folder}" \
-	-x\*.gitignore;
-echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
+if [ ${TEST} -eq 0 ]; then
+	zip -r \
+		"${ROOT_FOLDER}${output_zip_folder}${output_zip}" \
+		"${input_file}" \
+		"${output_file}" \
+		"${SSH_KEYGEN_FOLDER}" \
+		-x\*.gitignore;
+else
+	echo "zip -r \\"
+	echo "${ROOT_FOLDER}${output_zip_folder}${output_zip} \\"
+	echo "${input_file} \\"
+	echo "${output_file} \\"
+	echo "${SSH_KEYGEN_FOLDER} \\"
+	echo "-x\*.gitignore;"
+fi;
+echo "Download: ${ROOT_FOLDER}${output_zip_folder}${output_zip}";
 # cleam up user log file and ssh keys
 if [ ${TEST} -eq 0 ]; then
 	# move pub to created folders
-	mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
+	mv "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*.pub "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB}";
 	# delete the rest
-	rm "${root_folder}${output_file}";
-	rm "${root_folder}${ssh_keygen_folder}"*;
+	rm "${ROOT_FOLDER}${output_file}";
+	rm "${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}"*;
 else
-	echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
-	echo "$> rm ${root_folder}${output_file}";
-	echo "$> rm ${root_folder}${ssh_keygen_folder}*";
+	echo "$> mv ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}*.pub ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER_CREATED_PUB};";
+	echo "$> rm ${ROOT_FOLDER}${output_file}";
+	echo "$> rm ${ROOT_FOLDER}${SSH_KEYGEN_FOLDER}*";
 fi;
 
 # __END__

config/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore