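#!/bin/bash
# Create Linux accounts from a list and give each one a passphrase-protected
# SSH key pair whose public half is installed as the account's authorized key.
#
# * input file: user_list.txt (one account per line, ';' separated)
#     <field1>;<user>;<group>[;<override password>]
#   - field 1 is not used by this script
#   - user and group are converted to lower case
#   - lines starting with '#' and blank lines are skipped
#   - users that already exist (getent passwd) are skipped
# * output file: user_password.txt (mode 600, appended to on every run)
#     <date time>;<host>;<user>;<password>
#   The password column is the SSH key passphrase; no account password is set.
#   If an already existing public key was used the column reads [ALREADY SET].
#
# * PEM KEY:    <group>-<user>.pem
# * PUBLIC KEY: <group>-<user>.pem.pub
#   both stored in ssh-keygen/ below the working directory
#
# If a previously existing key pair should be used, put its public key file
# into the ssh-keygen/ folder; it must follow the naming rule above.
#
# Exit status: 0 on success, 1 when a prerequisite is missing or a fatal
# error occurs (a missing user/group entry in the list ends the run early
# but does not change the exit status).

# SET TO 1 to TEST [will not create user/group/folder].
# May also be given through the environment: TEST=1 ./script.sh
TEST=${TEST:-0}
# hostname for the output file and the key comment only
host=$(hostname)
# base folder for all data
root_folder=$(pwd)'/'
input_file='user_list.txt'
output_file='user_password.txt'
ssh_keygen_folder='ssh-keygen/'

# Full paths, derived once (ssh_keygen_folder already ends with '/').
key_dir="${root_folder}${ssh_keygen_folder}"
list_path="${root_folder}${input_file}"
out_path="${root_folder}${output_file}"

# Accepted account/group names: the names end up in paths and commands, so
# anything outside the usual lowercase name characters is rejected.
name_re='^[a-z_][a-z0-9_-]*$'

#######################################
# Print a message to stderr and stop with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Run a command, or only print it when TEST is not 0.
# Globals:   TEST (read)
# Arguments: the command and its arguments
# Outputs:   in test mode the command line, prefixed with '$> '
# Returns:   the command's status (0 in test mode)
#######################################
run() {
  if [ "${TEST}" -eq 0 ]; then
    "$@"
  else
    printf '$> %s\n' "$*"
  fi
}

#######################################
# Resolve the home directory of an account.
# Falls back to /home/<user> when the account does not exist (test mode).
# Arguments: $1 - user name
# Outputs:   home directory path on stdout
#######################################
home_of() {
  local user=$1
  local home
  home=$(getent passwd "${user}" 2>/dev/null | cut -d ':' -f 6)
  printf '%s\n' "${home:-/home/${user}}"
}

#######################################
# Append one login record to the output file.
# The umask in the subshell makes a newly created file 0600 from the start,
# so a plaintext passphrase never sits in a world-readable file, not even
# until the chmod at the end of the run.
# Globals:   host, out_path (read)
# Arguments: $1 - user name, $2 - passphrase or "[ALREADY SET]"
#######################################
record_login() {
  local user=$1
  local password=$2
  (
    umask 077
    printf '%s;%s;%s;%s\n' "$(date +'%F %T')" "${host}" "${user}" "${password}" >> "${out_path}"
  ) || die "Cannot write ${out_path}"
}

# check if ssh key folder exists
if [ ! -d "${key_dir}" ]; then
  mkdir -- "${key_dir}" || die "Cannot create ${key_dir}"
fi
# check that the tools we call are installed
# (the original '[ ! command -v pwgen ]' was not a valid test and never fired)
for tool in pwgen ssh-keygen; do
  if ! command -v "${tool}" > /dev/null 2>&1; then
    die "Missing ${tool} application, aborting"
  fi
done
# useradd/groupadd/chown need root; only test mode may run unprivileged
if [ "${TEST}" -eq 0 ] && [ "$(id -u)" -ne 0 ]; then
  die "Must run as root (or set TEST=1 for a dry run)"
fi
# check if user list file exists
if [ ! -f "${list_path}" ]; then
  die "Missing ${list_path}"
fi

# create users
# The loop reads from a redirect, not a pipe, so 'break' leaves the loop in
# this shell; '|| [ -n ... ]' still handles a last line without newline.
while IFS= read -r line || [ -n "${line}" ]; do
  # skip rows starting with # (comment) and rows that are empty or blank
  case "${line}" in
    '#'*) continue ;;
  esac
  if [ -z "${line//[[:space:]]/}" ]; then
    continue
  fi
  # split the row: <field1>;<user>;<group>[;<override password>]
  IFS=';' read -r _unused user group _password _rest <<<"${line}"
  user=$(printf '%s' "${user}" | tr A-Z a-z)
  group=$(printf '%s' "${group}" | tr A-Z a-z)
  # user & group not set
  if [ -z "${user}" ] || [ -z "${group}" ]; then
    printf '[!!!!!] Missing user or group entry for %s/%s\n' "${user}" "${group}"
    echo "[ABORT RUN]"
    break
  fi
  if ! [[ "${user}" =~ ${name_re} && "${group}" =~ ${name_re} ]]; then
    printf '[!!!!!] Invalid user or group name %s/%s\n' "${user}" "${group}"
    echo "[ABORT RUN]"
    break
  fi
  # add group (-f: succeed when it already exists)
  run groupadd -f "${group}"
  # SSH key base name (no ${host}- prefix so the same key can be reused on several servers)
  ssh_keygen_id="${group}-${user}.pem"
  key_path="${key_dir}${ssh_keygen_id}"
  pub_path="${key_path}.pub"
  # skip users that already exist
  if getent passwd "${user}" > /dev/null 2>&1; then
    echo "-- Skip '${user}:${group}'"
    continue
  fi
  echo "++ Create '${user}:${group}'"
  if ! run useradd -s /bin/bash -g "${group}" -m "${user}"; then
    printf '[!!!!!] useradd failed for %s:%s, skipping\n' "${user}" "${group}" >&2
    continue
  fi
  # if the public key already exists, reuse it and skip key creation
  if [ ! -f "${pub_path}" ]; then
    # A passphrase is only needed when a key pair is actually created.
    if [ -z "${_password}" ]; then
      password=$(pwgen 10 1) || die "pwgen failed"
      [ -n "${password}" ] || die "pwgen returned an empty passphrase"
    else
      echo "! Override password set"
      password=${_password}
    fi
    # create SSH key (runs in test mode too, as before)
    echo " > Create ssh key-pair '${key_path}'"
    # stdin is /dev/null so an ssh-keygen prompt can never consume the user
    # list; '-N' passes the passphrase on the command line, ssh-keygen has no
    # stdin alternative for it.
    if ! ssh-keygen -f "${key_path}" -C "${host}: ${user}@${group}" -N "${password}" < /dev/null; then
      die "ssh-keygen failed for ${key_path}"
    fi
  else
    echo " < Use existing public ssh key '${pub_path}'"
    # Password already set notification
    password="[ALREADY SET]"
  fi
  # write login info to output file
  record_login "${user}" "${password}"
  # create the .ssh folder and authorized_keys file with correct permissions
  home_dir=$(home_of "${user}")
  ssh_dir="${home_dir}/.ssh"
  echo " > Create .ssh folder"
  run mkdir -p -- "${ssh_dir}"
  echo " > Add public key into authorized_keys"
  run cp -- "${pub_path}" "${ssh_dir}/authorized_keys"
  echo " > Secure folder .ssh and authorized_keys file"
  run chown -R "${user}:${group}" "${ssh_dir}"
  run chmod 700 "${ssh_dir}"
  run chmod 600 "${ssh_dir}/authorized_keys"
done < "${list_path}"

# keep the login record private (also covers a file that existed before this run)
if [ -f "${out_path}" ]; then
  chmod 600 -- "${out_path}"
fi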