Add Hostname to the check user data script

Logging of all output to log/ folder for check last login script user.
Also for delete, user script now outputs move from ssh allow to ssh
reject group.

.gitignore

@@ -1,4 +1,3 @@
 user_list.txt
-user_password.txt
-ssh-keygen/*
+user_password*.txt
 *.zip

Readme.md

@@ -6,29 +6,49 @@ Two files to create new user entries with an SSH key and zip all the data for do
 
 The application **pwgen** and **zip** must be installed.
 
-Copy the two files '*user_create.sh*', '*user_zip.sh*' to any target folder on the target aws server.
-For exmaple `/root/bin`
+Checkout the scripts from git into the `/root/` folder or any other folder.
+The folder holding the script must be owned by *root* and have *600* permissions
 
-`$> mkdir /root/bin`
+```sh
+cd /root/
+git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
+chown root. users
+chgrp 600 users
+```
 
-Create a base folder where all the user lists and keys are stored.
-For example `/root/users`
+Alternate download: `git clone http://gitlab-ap.factory.tools/scripts-collections/aws-user-create.git users`
 
-`$> mkdir /root/users`
+## Folders
 
-The script will automatically create `/ssh-keygen` as as sub folder to above set `/root/users`
+Inside the base folder there are
+* ssh-keygen for temporary holding the PEM/PUB files
+* zip file which holds the created user list, password and PEM/PUB files
+
+## Options
+
+### -t (test)
+
+Run in test mode. This will *NOT* create any groups or users. Nor will it create any ssh key files.
+`user_password` output file will be written with `.TEST` extension
+
+### -i (info)
+
+Do not created anything at all, just print out info strings
 
 ## User list creation
 
-In the `/root/users` folder there needs to be a file called '*user_list.txt*'
+In the `/root/users/` folder there needs to be a file called '*user_list.txt*'
 
 This is a CSV type file with the following layout
 
-ID | Username | Group | Optional Password
--|-|-|-
+ID | Username | Group | Optional Password | Override host name | Override ssh key type
+-|-|-|-|-|-
 
 The ID, Username and Group column must be filled.
+For sub groups add them with a *,* The first group is the master group
 If the password column is filled, the string from here will be used as the PEM Key password.
+If a override hostname is set it will be used instead of `hostname`
+If the ssh key type is set, it will override the default *ed25519* type. This is not recommended. Only *rsa* is allowed. This is for setting up backwards compatible lists.
 
 The ID can be any string in any form.
 It can also be left empty. It is not used at the moment
@@ -37,40 +57,34 @@ The file can hold comments. The first character in the line must be a *#*
 
 Example file
 ```
-user1;some.name;group-a
-user2;othername;group-a
+user1;some.name;group-a;;hostname
+user2;othername;group-a;;
 # I am a comment
-;username;groupC;setpassword
+;username;groupC;setpassword;
 ...
 ```
 
 ### User with existing PEM key
 
-If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder
-
-If the folder `ssh-keygen` does not exist, create it as as sub folder to the folder where the '*user_list.txt*' is located
-
-In our example
-
-`$> mkdir /root/users/ssh-keygen`
+If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder `ssh-keygen-created-pub`
 
 The public PEM key file format is as followed
 
-**group name**-**user name**.pem.pub
+**hostname**#**main group name**#**user name**#**ssh key type**.pem.pub
 
 In the example above for *user1* the file name would be for **some.name** and **group-a**
 
-`group-a-some.name.pem.pub`
+`hostname#group-a#some.name#ssh-keytype.pem.pub`
 
 Copy this file into the ssh-keygen folder and add the user to the '*user_list.txt*' file.
 This must be with the same name and group as set in the PEM public key.
 
 Example:
 
-PEM public key file is `Bgroup-foobar.pem.pub`
+PEM public key file is `hostname#Bgroup#foobar#ed25519.pem.pub`
 Then the line for the '*user_list.txt*' must be
 
-`[some user id];foobar;Bgroup`
+`[some user id];foobar;Bgroup;;`
 
 Note that *[some user id]* can be any string or left empty
 
@@ -87,10 +101,10 @@ Then run the script without any options
 Sample output for above example file
 ```
 ++ Create 'some.name:group-a'
- > Create ssh key-pair '/root/users/ssh-keygen/group-a-some.name.pem'
+ > Create ssh key-pair '/root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem'
 Generating public/private rsa key pair.
-Your identification has been saved in /root/users/ssh-keygen/group-a-some.name.pem.
-Your public key has been saved in /root/users/ssh-keygen/group-a-some.name.pem.pub.
+Your identification has been saved in /root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.
+Your public key has been saved in /root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.pub.
 The key fingerprint is:
 SHA256:Ufalh41IRLJTHZlsaEJVK5N7cOYhxRdqf3fCDxhHdCA egrp10070.globalad.org: some.name@group-a
 The key's randomart image is:
@@ -113,7 +127,7 @@ The key's randomart image is:
 If the public pem file is already provided the output will be a bit different
 ```
 ++ Create 'some.name:group-a'
- < Use existing public ssh key '/root/users/ssh-keygen/group-a-some.name.pem.pub'
+ < Use existing public ssh key '/root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.pub'
  > Create .ssh folder
  > Add public into authorized_keys
  > Secure folder .ssh and authorized_keys file
@@ -128,24 +142,36 @@ If the user has been created, the creating will be skipped
 
 ## Script output
 
-The generated users and the passwords are stored in the '*user_password.txt*' file
+The generated users and the passwords are stored in the '*user_password.YYYYMMDD-hhmmss.txt*' file
 
 For above the output will be
 ```
-2020-11-27 13:51:01;sever.hostname.org;some.name;Aeh9uph8Oo
-2020-11-27 13:51:02;sever.hostname.org;othername;AePejoo9ch
-2020-11-27 13:51:02;sever.hostname.org;username;setpassword
+2020-11-27 13:51:01;sever.hostname.org;hostname;some.name;Aeh9uph8Oo
+2020-11-27 13:51:02;sever.hostname.org;;othername;AePejoo9ch
+2020-11-27 13:51:02;sever.hostname.org;;username;setpassword
 ```
 
-Note that the *sever.hostname.org* is set from the hostname of the server where the script is unr
+Note that the *sever.hostname.org* is set from the hostname of the server where the script is run
+The name *hostname* is set if the hostname field in hser `user_list.txt` file is set
 
 If a existing pem public key is used, the entry for a new user will be
 ```
-2020-11-27 13:53:18;sever.hostname.org;some.name;[ALREADY SET]
+2020-11-27 13:53:18;sever.hostname.org;;some.name;[ALREADY SET]
 ```
 
 Not that the password field has now *[ALREADY SET]*
 
+## Get the user data
+
+In the `zip/` folder there is a file named `users.YYYYMMDD-hhmmss.zip`;
+This file should be copied localy and then removed from the server
+
+**NOTE** Do not remove the public key data in `ssh-keygen-created-pub/` or the script will create new keys for users in the `user_list.txt` file
+
+## SSH helper
+
+change password or extract public key from pem file
+
 ### PEM key password reset
 
 The SSH PEM key password can be reset or changed with
@@ -166,24 +192,3 @@ The public key part can be extracted from the SSH PEM key with
 `$> ssh-keygen -y -f [PEM].pem > [PEM].pem.pub`
 
 *[PEM]* is the placeholder for the filename
-
-## Get the user data
-
-To copy the user data with the SSH PEM file and password list the following command can be used.
-Like the create user command it **MUST** be run in the folder where the '*user_list.txt*'
-
-`$> cd /root/users`
-
-The script needs to be run with one parameter that is the folder where the output file '*users.zip*' is stored.
-
-`$> /root/bin/user_zip.sh [target folder]`
-
-In the *[target folder]* a file name '*users.zip*' will be created.
-This file has the following data data inside
-- user_list.txt
-- user_password.txt
-- ssh-keygen/*.pem
-- ssh-keygen/*.pem.pub
-
-When extracted this will **NOT** create a sub folder.
-Create a folder where to store this data on the local side is highly recommended

bin/check_last_login.sh

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+# Checks for last access of users in sshallow group
+# if user login >30days, remoe user from sshallow group and write log
+
+# base folder
+BASE_FOLDER=$(dirname $(readlink -f $0))"/";
+# which group holds the ssh allowed login users (outside of admin users)
+ssh_group='sshallow';
+ssh_reject_group='sshreject';
+# date now for compare
+now=$(date +"%s");
+# max age for last login or account create without login
+max_age_login=60;
+max_age_create=30;
+# one day in seconds
+day=86400;
+# delete account strings
+delete_accounts="";
+user_group_tpl="deluser %s %s;adduser %s %s;";
+# log base folder
+LOG="${BASE_FOLDER}/../log";
+
+if [ $(whoami) != "root" ]; then
+	echo "Script must be run as root user";
+	exit;
+fi;
+if [ ! -d "${LOG}" ]; then
+	echo "log folder ${LOG} not found";
+	exit;
+fi;
+LOG="${LOG}/check_ssh_user."$(date +"%F_%H%m%S")".log";
+exec &> >(tee -a "${LOG}");
+echo "[START] =============>";
+echo "Hostname          : "$(hostname);
+echo "Run date          : "$(date +"%F %T");
+echo "Max age last login: ${max_age_login} days";
+echo "Max age no login  : ${max_age_create} days";
+for user in $(cat /etc/group|grep "${ssh_group}:" | cut -d ":" -f 4 | sed -e 's/,/ /g'); do
+# for user in clemens test42; do
+	account_age=0;
+	delete_user=0;
+	out_string="";
+	#echo "* Checking user ${user}";
+	# check user create time, if we have set it in comment
+	user_create_date=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 5);
+	# if empty try last password set time
+	if [ -z "${user_create_date}" ]; then
+		# user L 11/09/2020 0 99999 7 -1
+		user_create_date=$(passwd -S ${user} | cut -d " " -f 3);
+	fi;
+	# last try is user home .bash_logout
+	if [ -z "${user_create_date}" ]; then
+		home_dir=$(cat /etc/passwd | grep "${user}:" | cut -d ":" -f 6)"/.bash_logout";
+		user_create_date=$(stat -c %Z "${home_dir}");
+	fi;
+	# Username         Port     From             Latest
+	# user             pts/35   10.110.160.230   Wed Nov  2 09:40:35 +0900 2022
+	last_login_string=$(lastlog -u ${user} | sed 1d);
+	search="Never logged in";
+	# if we have "** Never logged in**" the user never logged in
+	if [ ! -z "${last_login_string##*$search*}" ]; then
+		# find \w{3} \w{3} [\s\d]{2} \d{2}:\d{2}:\d{2} \+\d{4} \d{4}
+		# awk '{for(i=4;i<=NF;++i)printf $i FS}'
+		last_login_date=$(echo "${last_login_string}" | awk '{for(i=4;i<=NF;++i)printf $i FS}' | date +"%s" -f -);
+		# date -d "Wed Nov  2 09:40:35 +0900 2022" +%s
+		last_login=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${last_login_date} ${day}");
+		if [ ${last_login} -gt ${max_age_login} ]; then
+			out_string="[!] last logged in ${last_login} days ago";
+			delete_user=1;
+		else
+			out_string="OK";
+		fi;
+	elif [ ! -z "${user_create_date}" ]; then
+		user_create_date=$(echo "${user_create_date}" | date +"%s" -f -);
+		# if all empty, we continue with only check if user has last login date
+		# else get days since creation
+		#account_age=$[ ($(date +"%s")-$(date -d "${user_create_date}" +"%s"))/24 ];
+		account_age=$(awk '{printf("%.0f\n",($1-$2)/$3)}' <<<"${now} ${user_create_date} ${day}");
+		if [ ${account_age} -gt ${max_age_create} ]; then
+			out_string="[!] Never logged in, account created ${account_age} days ago";
+			delete_user=1;
+		else
+			out_string="OK";
+		fi;
+	else
+		out_string="[!!!] Never logged in and we have no create date";
+	fi;
+	# build delete output
+	if [ ${delete_user} = 1 ]; then
+		delete_accounts="${delete_accounts}"$(printf "${user_group_tpl}" "${user}" "${ssh_group}" "${user}" "${ssh_reject_group}")$'\n';
+	fi;
+	printf "* Checking user %-20s: %s\n" "${user}" "${out_string}";
+done;
+if [ ! -z "${delete_accounts}" ]; then
+	echo "--------------------->"
+	echo "% Run list below to move users to reject ssh group";
+	echo "";
+	echo "${delete_accounts}";
+fi;
+echo "[END] ===============>"
+
+# __END__

bin/user_create.sh

@@ -0,0 +1,268 @@
+#!/usr/bin/env bash
+
+# * input file
+# user_list.txt
+# <ignored id>;<user name>;<group>[,sub group,sub group];[override password];[override hostname];[override ssh key type]
+# lines with # are skipped
+# already created users are skipped
+# Mandatory: <ignored id>;<user name>;<group>
+# * output file
+# <date>;<target connect host name>;<hostname>;<username>;<password>
+# If already existing PEM key is used then <password> is [ALREADY SET]
+#
+# * PEM KEY
+# <hostname>#<group>#<user>#<ssh key type>.pem
+# * PUBLIC KEY
+# <hostname>#<group>#<user>#<ssh key type>.pem.pub
+# stored as zip in
+# zip/
+#
+# If a previously exsting PEM key should be used, put the public pem file
+# into the ssh-keygen/ folder
+# They pem pub key must follow the set rules above
+
+# SET TO 1 to TEST [will no create user/group/folder]
+TEST=0; # no creation except ssh keys
+INFO=0; # no creation of anything, just print info strings
+while getopts ":ti" opt; do
+	case "${opt}" in
+		t|test)
+			TEST=1;
+			;;
+		i|info)
+			INFO=1;
+			;;
+	esac;
+done;
+# hostname for output file only
+host=$(hostname);
+timestamp=$(date +%Y%m%d-%H%M%S)
+# character to set getween info blocks
+separator="#";
+# base folder for all data
+root_folder=$(pwd)'/';
+input_file='user_list.txt';
+output_file="user_password.${timestamp}.txt";
+output_zip_folder='zip/';
+output_zip="users.${timestamp}.zip"
+ssh_keygen_folder='ssh-keygen/';
+ssh_keygen_folder_created_pub='ssh-keygen-created-pub/';
+ssh_keytype='ed25519';
+ssh_group='sshallow';
+# check if ssh key folder exists
+if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
+	mkdir "${root_folder}${ssh_keygen_folder}";
+fi;
+# check if zip folder is missing
+if [ ! -d "${root_folder}${output_zip_folder}" ]; then
+	mkdir "${root_folder}${output_zip_folder}";
+fi;
+# check if password generate software is installed
+if [ ! command -v pwgen &> /dev/null ]; then
+	echo "Missing pwgen application, aborting";
+	exit;
+fi;
+# check for zip
+if [ ! command -v zip &> /dev/null ]; then
+	echo "Missing zip application, aborting";
+	exit;
+fi;
+# check if sshallow group exists
+if [ -z $(cat /etc/group|grep "${ssh_group}:") ]; then
+	echo "Missing ssh access group: ${ssh_group}";
+	exit;
+fi;
+# check if user list file exists
+if [ ! -f "${root_folder}${input_file}" ]; then
+	echo "Missing ${root_folder}${input_file}";
+	exit;
+fi;
+exit;
+# make sure my own folder is owned by root and 600 (except for testing)
+if [ $(stat -c %a .) != "600" ]; then
+	echo "!!!! RECOMMENDED TO HAVE BASE FOLDER SET TO '600' AND USER 'root' !!!!"
+fi;
+if [ $(whoami) != "root" ]; then
+	if [ ${TEST} -eq 0 ] && [ ${INFO} -eq 0 ]; then
+		echo "Script must be run as root user";
+		exit;
+	else
+		echo "!!!! Script must be run as root user !!!!";
+	fi;
+fi;
+# create users
+cat "${root_folder}${input_file}" |
+while read i; do
+	# skip rows start with # (comment)
+	if [[ "${i}" =~ ^\# ]]; then
+		continue;
+	fi;
+	# make lower case, remove spaces
+	user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z | tr -d ' ');
+	_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
+	group=$(echo "${_group}" | cut -d "," -f 1);
+	sub_group="";
+	# sshallow group is always added
+	sub_group_opt=" -G ${ssh_group}";
+	# check if "," inside and extract sub groups
+	if [ -z "${_group##*,*}" ]; then
+		sub_group=$(echo "${_group}" | cut -d "," -f 2-);
+		sub_group_opt=" -G ${sub_group}";
+	fi;
+	# override host name, lowercase and spaces removed
+	_hostname=$(echo "${i}" | cut -d ";" -f 5 | tr A-Z a-z | tr -d ' ');
+	if [ -z "${_hostname}" ]; then
+		hostname=${host};
+	else
+		hostname=${_hostname};
+	fi;
+			# do we have a password preset
+	_password=$(echo "${i}" | cut -d ";" -f 4);
+	_ssh_keytype=$(echo "${i}" | cut -d ";" -f 6 | tr A-Z a-z | tr -d ' ');
+	if [ "${_ssh_keytype}" = "rsa" ]; then
+		ssh_keytype="${_ssh_keytype}";
+		#echo "[!!] BACKWARDS COMPATIBLE RSA TYPE SELECTION [!!]";
+	fi;
+	# user & group not set
+	if [ -z "${user}" ] || [ -z "${_group}" ]; then
+		echo "[!!!!!] Missing user or group entry for ${user}/${_group}";
+		echo "[*** ABORT RUN ***]"
+		break;
+	fi;
+	# SSH file name part without folder
+	ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
+	# the full file including folder name
+	ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
+	# publ file if new
+	ssh_keyfile_pub="${ssh_keyfile}.pub";
+	# check existing pub file
+	ssh_keyfile_check_pub="${root_folder}${ssh_keygen_folder_created_pub}${ssh_keygen_id}.pub";
+
+	if [ ${INFO} -eq 1 ]; then
+		# test if pub file exists or not, test if user exists
+		echo -n "User: '${user}:${group}(${sub_group})', SSH: ${ssh_keygen_id}";
+		if getent passwd ${user} > /dev/null 2>&1; then
+			echo -n ", User exists";
+		fi;
+		if [ -f "${ssh_keyfile_check_pub}" ]; then
+			echo -n ", SSH Pub key OK";
+		fi;
+		# line break
+		echo "";
+		continue;
+	fi;
+
+	# add group for each entry in _group
+	for create_group in ${_group//,/ }; do
+		if [ ${TEST} -eq 0 ]; then
+			groupadd -f ${create_group};
+		else
+			echo "$> groupadd -f ${create_group}";
+		fi;
+	done;
+	# check if user is not already created
+	if getent passwd ${user} > /dev/null 2>&1; then
+		echo "-- Skip '${user}:${group}(${sub_group})'";
+	else
+		echo "++ Create '${user}:${group}(${sub_group})'";
+		if [ ${TEST} -eq 0 ]; then
+			# comment is user create time
+			useradd -c `date +"%F"` -s /bin/bash -g ${group}${sub_group_opt} -m ${user};
+		else
+			echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user}";
+		fi;
+	fi;
+	skip_ssh=0;
+	# if public pem already exists skip creation
+	if [ ! -f "${ssh_keyfile_check_pub}" ]; then
+		# Note we only create a password if we need it
+		# password + store pwgen 10 1 -1
+		if [ -z "${_password}" ]; then
+			password=$(printf "%s" $(pwgen 10 1));
+		else
+			echo "! Override password set";
+			password=${_password};
+		fi;
+		# create SSH key
+		echo " > Create ssh key-pair '${ssh_keyfile}'";
+		if [ ${TEST} -eq 0 ]; then
+			ssh-keygen \
+				-t ${ssh_keytype} \
+				-f "${ssh_keyfile}" \
+				-C "${hostname}: ${user}@${group}" \
+				-a 100 -N "${password}"
+		else
+			echo "$> ssh-keygen -t ${ssh_keytype} -f ${ssh_keyfile} -C ${hostname}: ${user}@${group} -a 100 -N ${password}";
+		fi;
+	else
+		found=$(grep "$(cat ${ssh_keyfile_check_pub})" /home/${user}/.ssh/authorized_keys);
+		if [ ! -z "${found}" ]; then
+			skip_ssh=1;
+			# override previously set with stored one
+			ssh_keyfile_pub=${ssh_keyfile_check_pub};
+			echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
+		else
+			echo " < Use existing public ssh key '${ssh_keygen_id}.pub'";
+			# Password already set notification
+		fi;
+		password="[ALREADY SET]";
+	fi;
+	if [ ${skip_ssh} -eq 0 ]; then
+		# write login info to output file
+		if [ ${TEST} -eq 0 ]; then
+			echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file};
+		else
+			echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file}".TEST";
+		fi;
+		# create the SSH foler and authorized access file with correct permissions
+		echo " > Create .ssh folder";
+		if [ ${TEST} -eq 0 ]; then
+			mkdir /home/${user}/.ssh/;
+		else
+			echo "$> mkdir /home/${user}/.ssh/";
+		fi;
+		echo " > Add public into authorized_keys";
+		if [ ${TEST} -eq 0 ]; then
+			cat "${ssh_keyfile_pub}" > /home/${user}/.ssh/authorized_keys;
+		else
+			echo "$> cat ${ssh_keyfile_pub} > /home/${user}/.ssh/authorized_keys";
+		fi;
+		echo " > Secure folder .ssh and authorized_keys file";
+		if [ ${TEST} -eq 0 ]; then
+			chown -R ${user}:${group} /home/${user}/.ssh/;
+			chmod 700 /home/${user}/.ssh/;
+			chmod 600 /home/${user}/.ssh/authorized_keys;
+		else
+			echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
+			echo "$> chmod 700 /home/${user}/.ssh/";
+			echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
+		fi;
+	fi;
+done;
+
+# End before anything because this is just info run
+if [ ${INFO} -eq 1 ]; then
+	exit;
+fi;
+# zip everything and remove data in ssh key folder, delete output file with passwords
+zip -r \
+	"${root_folder}${output_zip_folder}${output_zip}" \
+	"${input_file}" \
+	"${output_file}" \
+	"${ssh_keygen_folder}" \
+	-x\*.gitignore;
+echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
+# cleam up user log file and ssh keys
+if [ ${TEST} -eq 0 ]; then
+	# move pub to created folders
+	mv "${root_folder}${ssh_keygen_folder}"*.pub "${root_folder}${ssh_keygen_folder_created_pub}";
+	# delete the rest
+	rm "${root_folder}${output_file}";
+	rm "${root_folder}${ssh_keygen_folder}"*;
+else
+	echo "$> mv ${root_folder}${ssh_keygen_folder}*.pub ${root_folder}${ssh_keygen_folder_created_pub};";
+	echo "$> rm ${root_folder}${output_file}";
+	echo "$> rm ${root_folder}${ssh_keygen_folder}*";
+fi;
+
+# __END__

log/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

ssh-keygen-created-pub/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

ssh-keygen/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

user_create.sh

@@ -1,130 +0,0 @@
-#!/bin/bash
-
-# * input file
-# user_list.txt
-# <ignored id>;<user name>;<group>[;optional override password]
-# lines with # are skipped
-# already created users are skipped
-# * output file
-# <date>;<target connect host name>;<username>;<password>
-# If already existing PEM key is used then <password> is [ALREADY SET]
-#
-# * PEM KEY
-# <group>-<user>.pem
-# * PUBLIC KEY
-# <group>-<user>.pem.pub
-# store in
-# ssh-keygen/
-#
-# If a previously exsting PEM key should be used, put the public pem file
-# into the ssh-keygen/ folder
-# They pem pub key must follow the set rules above
-
-# SET TO 1 to TEST [will no create user/group/folder]
-TEST=0;
-# hostname for output file only
-host=$(hostname);
-# base folder for all data
-root_folder=$(pwd)'/';
-input_file='user_list.txt';
-output_file='user_password.txt';
-ssh_keygen_folder='ssh-keygen/';
-# check if ssh key folder exists
-if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
-	mkdir "${root_folder}${ssh_keygen_folder}";
-fi;
-# check if password generate software is installed
-if [ ! command -v pwgen &> /dev/null ]; then
-	echo "Missing pwgen application, aborting";
-	exit;
-fi;
-# check if user list file exists
-if [ ! -f "${root_folder}${input_file}" ]; then
-	echo "Missing ${root_folder}${input_file}";
-	exit;
-fi;
-# create users
-cat "${root_folder}${input_file}" |
-while read i; do
-	# skip rows start with # (comment)
-	if [[ "${i}" =~ ^# ]]; then
-		echo -e "";
-	else
-		user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z);
-		group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z);
-		# user & group not set
-		if [ -z "${user}" ] || [ -z "${group}" ]; then
-			echo "[!!!!!] Missing user or group entry for ${user}/${group}";
-			echo "[ABORT RUN]"
-			break;
-		fi;
-		# do we have a password preset
-		_password=$(echo "${i}" | cut -d ";" -f 4);
-		# add group
-		if [ ${TEST} -eq 0 ]; then
-			groupadd -f ${group};
-		else
-			echo "$> groupadd -f ${group}";
-		fi;
-		# SSH key base name (removed ${host}- so we can use it more easy for multi server same key)
-		ssh_keygen_id="${group}-${user}.pem";
-		# check if user is not already created
-		if getent passwd ${user} > /dev/null 2>&1; then
-			echo "-- Skip '${user}:${group}'";
-		else
-			echo "++ Create '${user}:${group}'";
-			if [ ${TEST} -eq 0 ]; then
-				useradd -s /bin/bash -g ${group} -m ${user};
-			else
-				echo "$> useradd -s /bin/bash -g ${group} -m ${user}";
-			fi;
-			# if public pem already exists skip creation
-			if [ ! -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id}".pub" ]; then
-				# Note we only create a password if we need it
-				# password + store pwgen 10 1 -1
-				if [ -z "${_password}" ]; then
-					password=$(printf "%s" $(pwgen 10 1));
-				else
-					echo "! Override password set";
-					password=${_password};
-				fi;
-				# create SSH key
-				echo " > Create ssh key-pair '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}'";
-				ssh-keygen -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id} -C "${host}: ${user}@${group}" -N "${password}"
-			else
-				echo " < Use existing public ssh key '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}.pub'";
-				# Password already set notification
-				password="[ALREADY SET]";
-			fi;
-			# write login info to output file
-			echo $(date +"%F %T")";"${host}";"${user}";"${password} >> ${root_folder}${output_file};
-			# create the SSH foler and authorized access file with correct permissions
-			echo " > Create .ssh folder";
-			if [ ${TEST} -eq 0 ]; then
-				mkdir /home/${user}/.ssh/;
-			else
-				echo "$> mkdir /home/${user}/.ssh/";
-			fi;
-			echo " > Add public into authorized_keys";
-			if [ ${TEST} -eq 0 ]; then
-				cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys;
-			else
-				echo "$> cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys";
-			fi;
-			echo " > Secure folder .ssh and authorized_keys file";
-			if [ ${TEST} -eq 0 ]; then
-				chown -R ${user}:${group} /home/${user}/.ssh/;
-				chmod 700 /home/${user}/.ssh/;
-				chmod 600 /home/${user}/.ssh/authorized_keys;
-			else
-				echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
-				echo "$> chmod 700 /home/${user}/.ssh/";
-				echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
-			fi;
-		fi;
-	fi;
-done;
-
-if [ -f "${root_folder}${output_file}" ]; then
-	chmod 600 ${root_folder}${output_file};
-fi;

user_list.txt-sample

@@ -0,0 +1 @@
+#user_id;user_name;group,subgroup;override password;override hostname;override ssh type

user_zip.sh

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-root_folder=$(pwd)'/';
-
-if [ ! command -v zip &> /dev/null ]; then
-	echo "Missing zip application, aborting";
-	exit;
-fi;
-
-# arg 1 must be valid path to where we store the zip file
-if [ ! -d "${1}" ]; then
-	echo "${1} is not a valid path";
-	exit;
-fi;
-
-# zip key folder, user list, user password into users.zip
-echo "Zipping data to: ${1}/users.zip"
-$(cd "${root_folder}"; zip -FSr "${1}/users.zip" "user_list.txt" "user_password.txt" "ssh-keygen/");
-echo "Data zipped";

zip/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore