ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ce9b40565684cd686f588b744fd15e5b40066cc
ServerUserCreate/bin/user_create.sh
Clemens Schwaighofer 6ce9b40565 Update AWS user create 
Has now -t option to turn test on off via command line.
If test is on no user or groups are created, only SSH keys and the zip
file.

Standard ssh key type is now ed25519 and the password gets set with -a
100 flag.

After creation all data is ziped into the zip/ folder for download and
all PEM/PUB/password files are deleted from the folder.

The old user_zip.sh file has been removed because of this.

The script now checks for zip program and zip/ folder existing.
Also base folder must be 600 and root set

The user list file has an update for host name override after the
password file.
If this is set then the server hostname will not be used for file names.
The file name is also back to include the host name but the type changed
to have "#" as separator (can be changed in file) and also ads the ssh
key type to the file
2022-03-09 14:52:14 +09:00

211 lines
6.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# * input file
# user_list.txt
# <ignored id>;<user name>;<group>[;override password][;override hostname]
# lines with # are skipped
# already created users are skipped
# * output file
# <date>;<target connect host name>;<hostname>;<username>;<password>
# If already existing PEM key is used then <password> is [ALREADY SET]
#
# * PEM KEY
# <hostname>%<group>%<user>%<ssh key type>.pem
# * PUBLIC KEY
# <hostname>%<group>%<user>%<ssh key type>.pem.pub
# stored as zip in
# zip/
#
# If a previously exsting PEM key should be used, put the public pem file
# into the ssh-keygen/ folder
# They pem pub key must follow the set rules above
# SET TO 1 to TEST [will no create user/group/folder]
TEST=0;
while getopts ":t" opt; do
case "${opt}" in
t|test)
TEST=1;
;;
esac;
done;
# hostname for output file only
host=$(hostname);
timesamp=$(date +%Y%m%d-%H%M%S)
# character to set getween info blocks
separator="#";
# base folder for all data
root_folder=$(pwd)'/';
input_file='user_list.txt';
output_file="user_password.${timesamp}.txt";
output_zip_folder='zip/';
output_zip="users.${timesamp}.zip"
ssh_keygen_folder='ssh-keygen/';
ssh_keytype='ed25519';
# check if ssh key folder exists
if [ ! -d "${root_folder}${ssh_keygen_folder}" ]; then
mkdir "${root_folder}${ssh_keygen_folder}";
fi;
# check if zip folder is missing
if [ ! -d "${root_folder}${output_zip_folder}" ]; then
mkdir "${root_folder}${output_zip_folder}";
fi;
# check if password generate software is installed
if [ ! command -v pwgen &> /dev/null ]; then
echo "Missing pwgen application, aborting";
exit;
fi;
# check for zip
if [ ! command -v zip &> /dev/null ]; then
echo "Missing zip application, aborting";
exit;
fi;
# check if user list file exists
if [ ! -f "${root_folder}${input_file}" ]; then
echo "Missing ${root_folder}${input_file}";
exit;
fi;
# make sure my own folder is owned by root and 600 (except for testing)
if [ $(stat -c %a .) != "600" ]; then
echo "!!!! RECOMMENDED TO HAVE BASE FOLDER SET TO '600' AND USER 'root' !!!!"
fi;
if [ $(whoami) != "root" ]; then
if [ ${TEST} -eq 0 ]; then
echo "Script must be run as root user";
exit;
else
echo "!!!! Script must be run as root user !!!!";
fi;
fi;
# create users
cat "${root_folder}${input_file}" |
while read i; do
# skip rows start with # (comment)
if [[ "${i}" =~ ^\# ]]; then
echo -e "";
else
# make lower case, remove spaces
user=$(echo "${i}" | cut -d ";" -f 2 | tr A-Z a-z | tr -d ' ');
_group=$(echo "${i}" | cut -d ";" -f 3 | tr A-Z a-z | tr -d ' ');
group=$(echo "${_group}" | cut -d "," -f 1);
sub_group="";
sub_group_opt="";
# check if "," inside and extract sub groups
if [ -z "${_group##*,*}" ]; then
sub_group=$(echo "${_group}" | cut -d "," -f 2-);
sub_group_opt=" -G ${sub_group}";
fi;
# override host name, lowercase and spaces removed
_hostname=$(echo "${i}" | cut -d ";" -f 5 | tr A-Z a-z | tr -d ' ');
if [ -z "${_hostname}" ]; then
hostname=${host};
else
hostname=${_hostname};
fi;
# do we have a password preset
_password=$(echo "${i}" | cut -d ";" -f 4);
# user & group not set
if [ -z "${user}" ] || [ -z "${_group}" ]; then
echo "[!!!!!] Missing user or group entry for ${user}/${_group}";
echo "[ABORT RUN]"
break;
fi;
# add group for each entry in _group
for create_group in ${_group//,/ }; do
if [ ${TEST} -eq 0 ]; then
groupadd -f ${create_group};
else
echo "$> groupadd -f ${create_group}";
fi;
done;
# SSH file name part without folder
ssh_keygen_id="${hostname}${separator}${group}${separator}${user}${separator}${ssh_keytype}.pem";
# the full file including folder name
ssh_keyfile="${root_folder}${ssh_keygen_folder}${ssh_keygen_id}";
# check if user is not already created
if getent passwd ${user} > /dev/null 2>&1; then
echo "-- Skip '${user}:${group}(${sub_group})'";
else
echo "++ Create '${user}:${group}(${sub_group})'";
if [ ${TEST} -eq 0 ]; then
useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user};
else
echo "$> useradd -s /bin/bash -g ${group}${sub_group_opt} -m ${user}";
fi;
fi;
skip_ssh=0;
# if public pem already exists skip creation
if [ ! -f "${ssh_keyfile}.pub" ]; then
# Note we only create a password if we need it
# password + store pwgen 10 1 -1
if [ -z "${_password}" ]; then
password=$(printf "%s" $(pwgen 10 1));
else
echo "! Override password set";
password=${_password};
fi;
# create SSH key
echo " > Create ssh key-pair '${ssh_keyfile}'";
ssh-keygen \
-t ${ssh_keytype} \
-f "${ssh_keyfile}" \
-C "${hostname}: ${user}@${group}" \
-a 100 -N "${password}"
else
found=$(grep "$(cat ${ssh_keyfile}.pub)" /home/${user}/.ssh/authorized_keys);
if [ ! -z "${found}" ]; then
skip_ssh=1;
echo "-- Skip SSH Key creation: ${ssh_keygen_id}.pub";
else
echo " < Use existing public ssh key '${ssh_keyfile}.pub'";
# Password already set notification
password="[ALREADY SET]";
fi;
fi;
if [ ${skip_ssh} -eq 0 ]; then
# write login info to output file
echo $(date +"%F %T")";"${host}";"${_hostname}";"${user}";"${password} >> ${root_folder}${output_file};
# create the SSH foler and authorized access file with correct permissions
echo " > Create .ssh folder";
if [ ${TEST} -eq 0 ]; then
mkdir /home/${user}/.ssh/;
else
echo "$> mkdir /home/${user}/.ssh/";
fi;
echo " > Add public into authorized_keys";
if [ ${TEST} -eq 0 ]; then
cat "${ssh_keyfile}.pub" > /home/${user}/.ssh/authorized_keys;
else
echo "$> cat ${ssh_keyfile}.pub > /home/${user}/.ssh/authorized_keys";
fi;
echo " > Secure folder .ssh and authorized_keys file";
if [ ${TEST} -eq 0 ]; then
chown -R ${user}:${group} /home/${user}/.ssh/;
chmod 700 /home/${user}/.ssh/;
chmod 600 /home/${user}/.ssh/authorized_keys;
else
echo "$> chown -R ${user}:${group} /home/${user}/.ssh/";
echo "$> chmod 700 /home/${user}/.ssh/";
echo "$> chmod 600 /home/${user}/.ssh/authorized_keys";
fi;
fi;
fi;
done;
# zip everything and remove data in ssh key folder, delete output file with passwords
zip -r \
"${root_folder}${output_zip_folder}${output_zip}" \
"${input_file}" \
"${output_file}" \
"${ssh_keygen_folder}" \
-x\*.gitignore;
echo "Download: ${root_folder}${output_zip_folder}${output_zip}";
# cleam up user log file and ssh keys
if [ ${TEST} -eq 0 ]; then
rm "${root_folder}${output_file}";
rm "${root_folder}${ssh_keygen_folder}"*;
else
echo "$> rm ${root_folder}${output_file}";
echo "$> rm ${root_folder}${ssh_keygen_folder}*";
fi;
Reference in New Issue View Git Blame Copy Permalink