ScriptsCollections/ServerUserCreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
971f9afdd5b232f893114a4af9003ffb33f3eeab
ServerUserCreate/Readme.md
Clemens Schwaighofer 971f9afdd5 Update user creation with keeping public key on the server 
With this I can check if I have added that key already to avoid ssh key
double creations
2022-03-09 15:27:46 +09:00

175 lines
5.2 KiB
Markdown
Raw Blame History

# AWS User Creation
Two files to create new user entries with an SSH key and zip all the data for download
## Setup
The application **pwgen** and **zip** must be installed.
Checkout the scripts from git into the `/root/` folder or any other folder.
The folder holding the script must be owned by *root* and have *600* permissions
```sh
cd /root/
git clone https://git.tequila.jp/ScriptsCollections/AwsUserCreate.git users
chown root. users
chgrp 600 users
```
## Folders
Inside the base folder there are
* ssh-keygen for temporary holding the PEM/PUB files
* zip file which holds the created user list, password and PEM/PUB files
## User list creation
In the `/root/users/` folder there needs to be a file called '*user_list.txt*'
This is a CSV type file with the following layout
ID | Username | Group | Optional Password | Override host name
-|-|-|-|-
The ID, Username and Group column must be filled.
For sub groups add them with a *,* The first group is the master group
If the password column is filled, the string from here will be used as the PEM Key password.
If a override hostname is set it will be used instead of `hostname`
The ID can be any string in any form.
It can also be left empty. It is not used at the moment
The file can hold comments. The first character in the line must be a *#*
Example file
```
user1;some.name;group-a;;hostname
user2;othername;group-a;;
# I am a comment
;username;groupC;setpassword;
...
```
### User with existing PEM key
If we want to create a user that already has a PEM key or we want to have the user use the same PEM key for login we can copy the existing pub key into the ssh key folder `ssh-keygen-created-pub`
The public PEM key file format is as followed
**hostname**#**main group name**#**user name**#**ssh key type**.pem.pub
In the example above for *user1* the file name would be for **some.name** and **group-a**
`hostname#group-a#some.name#ssh-keytype.pem.pub`
Copy this file into the ssh-keygen folder and add the user to the '*user_list.txt*' file.
This must be with the same name and group as set in the PEM public key.
Example:
PEM public key file is `hostname#Bgroup#foobar#ed25519.pem.pub`
Then the line for the '*user_list.txt*' must be
`[some user id];foobar;Bgroup;;`
Note that *[some user id]* can be any string or left empty
## Script run
The current directory **MUST** be the directory where '*user_list.txt*' is stored.
`$> cd /root/users`
Then run the script without any options
`$> /root/bin/user_create.sh`
Sample output for above example file
```
++ Create 'some.name:group-a'
> Create ssh key-pair '/root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem'
Generating public/private rsa key pair.
Your identification has been saved in /root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.
Your public key has been saved in /root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.pub.
The key fingerprint is:
SHA256:Ufalh41IRLJTHZlsaEJVK5N7cOYhxRdqf3fCDxhHdCA egrp10070.globalad.org: some.name@group-a
The key's randomart image is:
+---[RSA 3072]----+
| .o+O*E=*o.|
| .Bo=B@.. |
| +oB.&.+ |
| o @ O |
| S . + = +|
| . =o|
| .|
| |
| |
+----[SHA256]-----+
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
```
If the public pem file is already provided the output will be a bit different
```
++ Create 'some.name:group-a'
< Use existing public ssh key '/root/users/ssh-keygen/hostname#group-a#some.name#ed25519.pem.pub'
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
```
There is no SSH key generate output but *Use existing public ssh key* information line
If the user has been created, the creating will be skipped
```
-- Skip 'some.name:group-a'
```
## Script output
The generated users and the passwords are stored in the '*user_password.txt*' file
For above the output will be
```
2020-11-27 13:51:01;sever.hostname.org;hostname;some.name;Aeh9uph8Oo
2020-11-27 13:51:02;sever.hostname.org;;othername;AePejoo9ch
2020-11-27 13:51:02;sever.hostname.org;;username;setpassword
```
Note that the *sever.hostname.org* is set from the hostname of the server where the script is run
The name *hostname* is set if the hostname field in hser `user_list.txt` file is set
If a existing pem public key is used, the entry for a new user will be
```
2020-11-27 13:53:18;sever.hostname.org;;some.name;[ALREADY SET]
```
Not that the password field has now *[ALREADY SET]*
### PEM key password reset
The SSH PEM key password can be reset or changed with
`$> ssh-keygen -p -f [PEM].pem -P old_passphrase -N new_passphrase`
To remove the password use this `-N ""`
**NOTE**
If the command is used like this it will be stored in the history file.
For scurity reason it is recommended to not give the -P and -N options when changing the password.
### Missing PUB key
The public key part can be extracted from the SSH PEM key with
`$> ssh-keygen -y -f [PEM].pem > [PEM].pem.pub`
*[PEM]* is the placeholder for the filename
## Get the user data
In the `zip/` folder there is a file named `users.YYYYMMDD-hhmmss.zip`;
This file should be copied localy and then removed from the server
Reference in New Issue View Git Blame Copy Permalink