131 lines
4.2 KiB
Bash
Executable File
131 lines
4.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# * input file
|
|
# user_list.txt
|
|
# <ignored id>;<user name>;<group>[;optional override password]
|
|
# lines with # are skipped
|
|
# already created users are skipped
|
|
# * output file
|
|
# <date>;<target connect host name>;<username>;<password>
|
|
# If already existing PEM key is used then <password> is [ALREADY SET]
|
|
#
|
|
# * PEM KEY
|
|
# <group>-<user>.pem
|
|
# * PUBLIC KEY
|
|
# <group>-<user>.pem.pub
|
|
# store in
|
|
# ssh-keygen/
|
|
#
|
|
# If a previously exsting PEM key should be used, put the public pem file
|
|
# into the ssh-keygen/ folder
|
|
# They pem pub key must follow the set rules above
|
|
|
|
# SET TO 1 to TEST [will no create user/group/folder]
|
|
TEST=0;
|
|
# hostname for output file only
|
|
host=$(hostname);
|
|
# base folder for all data
|
|
root_folder=$(pwd)'/';
|
|
input_file='user_list.txt';
|
|
output_file='user_password.txt';
|
|
ssh_keygen_folder='ssh-keygen/';
|
|
# check if ssh key folder exists
|
|
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
|
|
mkdir "${root_folder}${ssh_keygen_folder}";
|
|
fi;
|
|
# check if password generate software is installed
|
|
if [ ! command -v pwgen &> /dev/null ]; then
|
|
echo "Missing pwgen application, aborting";
|
|
exit;
|
|
fi;
|
|
# check if user list file exists
|
|
if [ ! -f "${root_folder}${input_file}" ]; then
|
|
echo "Missing ${root_folder}${input_file}";
|
|
exit;
|
|
fi;
|
|
# create users
|
|
cat "${root_folder}${input_file}" |
|
|
while read i; do
|
|
# skip rows start with # (comment)
|
|
if [[ "${i}" =~ ^# ]]; then
|
|
echo -e "";
|
|
else
|
|
user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z);
|
|
group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z);
|
|
# user & group not set
|
|
if [ -z "${user}" ] || [ -z "${group}" ]; then
|
|
echo "[!!!!!] Missing user or group entry for ${user}/${group}";
|
|
echo "[ABORT RUN]"
|
|
break;
|
|
fi;
|
|
# do we have a password preset
|
|
_password=$(echo "${i}" | cut -d ";" -f 4);
|
|
# add group
|
|
if [ ${TEST} -eq 0 ]; then
|
|
groupadd -f ${group};
|
|
else
|
|
echo "$> groupadd -f ${group}";
|
|
fi;
|
|
# SSH key base name (removed ${host}- so we can use it more easy for multi server same key)
|
|
ssh_keygen_id="${group}-${user}.pem";
|
|
# check if user is not already created
|
|
if getent passwd ${user} > /dev/null 2>&1; then
|
|
echo "-- Skip '${user}:${group}'";
|
|
else
|
|
echo "++ Create '${user}:${group}'";
|
|
if [ ${TEST} -eq 0 ]; then
|
|
useradd -s /bin/bash -g ${group} -m ${user};
|
|
else
|
|
echo "$> useradd -s /bin/bash -g ${group} -m ${user}";
|
|
fi;
|
|
# if public pem already exists skip creation
|
|
if [ ! -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id}".pub" ]; then
|
|
# Note we only create a password if we need it
|
|
# password + store pwgen 10 1 -1
|
|
if [ -z "${_password}" ]; then
|
|
password=$(printf "%s" $(pwgen 10 1));
|
|
else
|
|
echo "! Override password set";
|
|
password=${_password};
|
|
fi;
|
|
# create SSH key
|
|
echo " > Create ssh key-pair '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}'";
|
|
ssh-keygen -f ${root_folder}${ssh_keygen_folder}${ssh_keygen_id} -C "${host}: ${user}@${group}" -N "${password}"
|
|
else
|
|
echo " < Use existing public ssh key '${root_folder}${ssh_keygen_folder}${ssh_keygen_id}.pub'";
|
|
# Password already set notification
|
|
password="[ALREADY SET]";
|
|
fi;
|
|
# write login info to output file
|
|
echo $(date +"%F %T")";"${host}";"${user}";"${password} >> ${root_folder}${output_file};
|
|
# create the SSH foler and authorized access file with correct permissions
|
|
echo " > Create .ssh folder";
|
|
if [ ${TEST} -eq 0 ]; then
|
|
mkdir /home/${user}/.ssh/;
|
|
else
|
|
echo "$> mkdir /home/${user}/.ssh/";
|
|
fi;
|
|
echo " > Add public into authorized_keys";
|
|
if [ ${TEST} -eq 0 ]; then
|
|
cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys;
|
|
else
|
|
echo "$> cat ${root_folder}${ssh_keygen_folder}/${ssh_keygen_id}.pub > /home/${user}/.ssh/authorized_keys";
|
|
fi;
|
|
echo " > Secure folder .ssh and authorized_keys file";
|
|
if [ ${TEST} -eq 0 ]; then
|
|
chown -R ${user}:${group} /home/${user}/.ssh/;
|
|
chmod 700 /home/${user}/.ssh/;
|
|
chmod 600 /home/${user}/.ssh/authorized_keys;
|
|
else
|
|
echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
|
|
echo "$> chmod 700 /home/${user}/.ssh/";
|
|
echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
|
|
fi;
|
|
fi;
|
|
fi;
|
|
done;
|
|
|
|
if [ -f "${root_folder}${output_file}" ]; then
|
|
chmod 600 ${root_folder}${output_file};
|
|
fi;
|