# AWS user create flow

**NOTE** The script checks `/etc/ssh/sshd_config` for the `AuthorizedKeysFile` keyword with the value `/etc/ssh/authorized_keys/%u`. If it is set, the script moves the SSH keys from the user's home folder to the folder `/etc/ssh/authorized_keys`, using the created username as the file name.

* Step 1: Check if the main group exists
* Step 2: Add the user to user_list.txt

Very basic example with minimum settings. The SSH type defaults to ED25519.

```txt
#user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type
# 2022-12-12
1;test.foo;group-a;allow
```

* Step 3: Run the create script in root/users: `bin/create_user.sh`

Note: if unsure, use `-t` for testing or `-i` for info only.

Example output for `-i`:

```sh
$> bin/create_user.sh -i
User: 'test.foo:group-a();sshallow', SSH: hostname.com#group-a#test.foo#ed25519.pem
```

Run output (example):

```sh
++ Create 'test.foo:group-a()'
! Override password set
> Create ssh key-pair '/root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem'
Generating public/private ed25519 key pair.
Your identification has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem
Your public key has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub
The key fingerprint is:
SHA256:IXiHXZrBGuMIHgU34L4DgAwLeFeX37AhQD69TOF1XZI hostname.com: test.foo@group-a
The key's randomart image is:
+--[ED25519 256]--+
|+ o++o+o+.o ...o.|
|*o+..+o*+Bo. E.  |
|++.+.o*+Xo =     |
|... ..o* oo .    |
|. . S            |
| . .             |
| o               |
| .               |
|                 |
+----[SHA256]-----+
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
  adding: user_list.txt (stored 0%)
  adding: user_password.20221202-094351.txt (stored 0%)
  adding: ssh-keygen/ (stored 0%)
  adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem (deflated 24%)
  adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub (deflated 2%)
Download: /root/users/bin/../zip/users.20221202-094351.zip
```

* Step 4: Move the zip file to a folder where you can download it

```sh
$> mv /root/users/bin/../zip/users.20221202-094351.zip /home//
```

* Step 5: Download the ZIP file to the local computer and extract it

Overwrite the user_list.txt file if it exists.

The zip file contains the following files:

* user_password.YYYYMMDD-HHmmss.txt (creation timestamp)
* ssh-keygen/hostname#group#user#keytype.pem
* ssh-keygen/hostname#group#user#keytype.pem.pub

The .pem key has to be given to the user; the pub key is for reference only.

* Step 6: Test login

In the folder where the data was extracted:

```sh
ssh -i ssh-keygen/hostname#group#user#keytype.pem user@hostname
```

Hand over to the user:

* username
* hostname
* PEM key file
* PEM key password

If the password needs to be removed:

```sh
ssh-keygen -p -f ssh-keygen/hostname#group#user#keytype.pem -P -N ""
```
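
To confirm beforehand which key location applies, the `AuthorizedKeysFile` check from the NOTE at the top can be reproduced by hand. The following is an added example, not code from `create_user.sh`; the function names `central_keys_enabled` and `loose_key_files` are hypothetical. It assumes only the global part of the config matters: `Include` files are not followed and `Match` blocks are ignored.

```shell
#!/bin/sh
# Added example; not code from the project's create_user.sh.

# central_keys_enabled CONFIG
# Exit 0 when the global part of CONFIG sets AuthorizedKeysFile to a list that
# contains /etc/ssh/authorized_keys/%u, exit 1 otherwise.
# Assumptions: Include files are not followed, Match blocks are ignored.
central_keys_enabled() {
    awk -v want='/etc/ssh/authorized_keys/%u' '
        { sub(/^[ \t]+/, "") }                    # drop leading blanks
        /^#/ || /^$/ { next }                     # skip comments, empty lines
        match($0, /^[A-Za-z]+[ \t]*=[ \t]*/) {    # "Keyword = value" form
            kw = substr($0, 1, RLENGTH); gsub(/[ \t=]/, "", kw)
            $0 = kw " " substr($0, RLENGTH + 1)
        }
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "authorizedkeysfile" {     # keyword case is ignored
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            exit                                  # sshd uses the first value
        }
        END { exit !found }
    ' "$1"
}

# loose_key_files DIR
# Print entries under DIR (the central key folder) that group or others can
# write to; anyone with that access can change who is allowed to log in.
loose_key_files() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Constructed sample config, for demonstration only.
demo=$(mktemp)
printf '%s\n' 'Port 22' 'AuthorizedKeysFile /etc/ssh/authorized_keys/%u' > "$demo"
if central_keys_enabled "$demo"; then
    echo "keys are kept in /etc/ssh/authorized_keys/<username>"
else
    echo "keys stay in the user's home folder"
fi
rm -f "$demo"
```

On the server, run `central_keys_enabled /etc/ssh/sshd_config` before the create script, and `loose_key_files /etc/ssh/authorized_keys` after it; the second command should print nothing.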