ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ServerUserCreate/user_create_flow.md
Clemens Schwaighofer 571ddcc717 AWS user account management scripts updates 
- start option for create users (-g)
- delete user script
- update documentation
- user lock user script in check user flow output
- create user has check for valid username/group name
2023-08-07 07:29:24 +09:00

101 lines
2.9 KiB
Markdown
Raw Permalink Blame History

# AWS user create flow
**NOTE** The script will check in the /etc/ssh/sshd_config for `AuthorizedKeysFile` keyword with `/etc/ssh/authorized_keys/%u`. If this exists it will move the ssk keys from the users home folder the folder `/etc/ssh/authorized_keys` with the created username as file name
* Step 1: check if main group exists
* Step 2: Add user to user_list.txt
Very basic example with minimum settings:
SSH Type will default to EP25519
```txt
#user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type
# 2022-12-12
1;test.foo;group-a;allow
```
* Step 3: run create script in root/users `bin/create_user.sh`
Not, if unsure use `-t` for testing or `-i` for info only.
Example output for `-i`:
```sh
$> bin/create_user.sh -i
User: 'test.foo:group-a();sshallow', SSH: hostname.com#grou-a#test.foo#ed25519.pem
```
Run output (example):
```sh
++ Create 'test.foo:group-a()'
! Override password set
> Create ssh key-pair '/root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem'
Generating public/private ed25519 key pair.
Your identification has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem
Your public key has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub
The key fingerprint is:
SHA256:IXiHXZrBGuMIHgU34L4DgAwLeFeX37AhQD69TOF1XZI hostname.com: test.foo@group-a
The key's randomart image is:
+--[ED25519 256]--+
|+ o++o+o+.o ...o.|
|*o+..+o*+Bo. E. |
|++.+.o*+Xo = |
|... ..o* oo . |
|. . S |
| . . |
| o |
| . |
| |
+----[SHA256]-----+
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
adding: user_list.txt (stored 0%)
adding: user_password.20221202-094351.txt (stored 0%)
adding: ssh-keygen/ (stored 0%)
adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem (deflated 24%)
adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub (deflated 2%)
Download: /root/users/bin/../zip/users.20221202-094351.zip
```
* Step 4: Move the zip file to a folder where you can download it
```sh
$> mv /root/users/bin/../zip/users.20221202-094351.zip /home/<admin user>/
```
* Step 5: Download ZIP file to local computer and extract
Overwrite user_list.txt file if it exists
In the zup file there are the following files:
* user_password.YYYYMMDD-HHmmss.txt (creation timestamp)
* ssh-keygen/hostname#group#user#keytype.pem
* ssh-keygen/hostname#group#user#keytype.pem.pub
The .pem key has to be given to the user, the pub key is for reference only
* Step 6: test login
In the folder where the data was extracted
```sh
ssh -i ssh-keygen/hostname#group#user#keytype.pem user@hostname
```
Hand over to the user:
* username
* hostname
* PEM key file
* PEM key password
If the password needs to be removed:
```sh
ssh-keygen -p -f ssh-keygen/hostname#group#user#keytype.pem -P <old password> -N ""
```
Reference in New Issue View Git Blame Copy Permalink