AWS User Creation
Two scripts: one creates new user entries with an SSH key, the other zips all the data for download.
Setup
The applications pwgen and zip must be installed.
Copy the two files 'user_create.sh' and 'user_zip.sh' to any folder on the target AWS server.
For example /root/bin
$> mkdir /root/bin
Create a base folder where all the user lists and keys are stored.
For example /root/users
$> mkdir /root/users
The script will automatically create ssh-keygen as a sub folder of the base folder set above (/root/users/ssh-keygen).
User list creation
In the /root/users folder there needs to be a file called 'user_list.txt'.
This is a CSV type file (semicolon-separated) with the following layout
| ID | Username | Group | Optional Password |
|---|---|---|---|
The ID, Username and Group columns must be filled. If the password column is filled, its string is used as the PEM key password.
The ID can be any string in any form, or left empty. It is not used at the moment.
The file can hold comments: the first character of a comment line must be a #.
Example file
user1;some.name;group-a
user2;othername;group-a
# I am a comment
;username;groupC;setpassword
...
User with existing PEM key
If we want to create a user that already has a PEM key, or we want the user to log in with the same PEM key, we can copy the existing public key into the ssh key folder.
If the folder ssh-keygen does not exist, create it as a sub folder of the folder where 'user_list.txt' is located.
In our example
$> mkdir /root/users/ssh-keygen
The public PEM key file name format is as follows
group name-user name.pem.pub
In the example above, for the user1 entry (user some.name, group group-a) the file name would be
group-a-some.name.pem.pub
Copy this file into the ssh-keygen folder and add the user to the 'user_list.txt' file with the same name and group as used in the PEM public key file name.
Example:
PEM public key file is Bgroup-foobar.pem.pub
Then the line for the 'user_list.txt' must be
[some user id];foobar;Bgroup
Note that [some user id] can be any string or left empty
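The two rules above, the 'user_list.txt' layout and the "group-user.pem.pub" key naming, as an added shell example (not the project's own user_create.sh). It parses the semicolon-separated file from stdin, tolerates comment lines, blank lines and Windows line endings, rejects lines without Username or Group, and prints one normalised record per user together with the public key file name the scripts expect. The function names and the inline sample are constructed for the example:

```shell
#!/bin/sh
# Added example, not the project's own user_create.sh: parser for the
# semicolon-separated 'user_list.txt' layout and the key-file naming rule.
# Emits one record per user: "username;group;password;pubkey_file".
set -euf

cr=$(printf '\r')   # carriage return, stripped in case the file has CRLF endings

# Public key file name for a user, following "<group>-<user>.pem.pub".
pubkey_name() {
    printf '%s-%s.pem.pub\n' "$2" "$1"
}

# Read a user list on stdin. Comment lines start with '#'; blank lines are
# skipped. ID may be empty, the password column is optional, Username and
# Group are mandatory (a bad line aborts with a message naming the line).
parse_user_list() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%"$cr"}
        case "$line" in
            '#'*|'') continue ;;
        esac
        # Split on ';' only (set -f above keeps '*' in a field from globbing).
        old_ifs=$IFS; IFS=';'; set -- $line; IFS=$old_ifs
        user=${2:-}; group=${3:-}; password=${4:-}
        if [ -z "$user" ] || [ -z "$group" ]; then
            printf 'line %d: Username and Group are required: %s\n' "$n" "$line" >&2
            return 1
        fi
        printf '%s;%s;%s;%s\n' "$user" "$group" "$password" "$(pubkey_name "$user" "$group")"
    done
}

# Constructed input, copied from the example file above.
sample_list() {
    printf '%s\n' 'user1;some.name;group-a' 'user2;othername;group-a' \
        '# I am a comment' ';username;groupC;setpassword'
}

sample_list | parse_user_list
```

Run from the folder holding the list as `parse_user_list < user_list.txt`; the fourth field of each record is the file name to look for (or to create) in the ssh-keygen sub folder.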
Script run
The current directory MUST be the directory where 'user_list.txt' is stored.
$> cd /root/users
Then run the script without any options
$> /root/bin/user_create.sh
Sample output for the example file above
++ Create 'some.name:group-a'
> Create ssh key-pair '/root/users/ssh-keygen/group-a-some.name.pem'
Generating public/private rsa key pair.
Your identification has been saved in /root/users/ssh-keygen/group-a-some.name.pem.
Your public key has been saved in /root/users/ssh-keygen/group-a-some.name.pem.pub.
The key fingerprint is:
SHA256:Ufalh41IRLJTHZlsaEJVK5N7cOYhxRdqf3fCDxhHdCA egrp10070.globalad.org: some.name@group-a
The key's randomart image is:
+---[RSA 3072]----+
| .o+O*E=*o.|
| .Bo=B@.. |
| +oB.&.+ |
| o @ O |
| S . + = +|
| . =o|
| .|
| |
| |
+----[SHA256]-----+
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
If the public pem file is already provided, the output is slightly different
++ Create 'some.name:group-a'
< Use existing public ssh key '/root/users/ssh-keygen/group-a-some.name.pem.pub'
> Create .ssh folder
> Add public into authorized_keys
> Secure folder .ssh and authorized_keys file
There is no SSH key generation output; instead the 'Use existing public ssh key' information line is printed.
If the user already exists, creation is skipped
-- Skip 'some.name:group-a'
Script output
The generated users and the passwords are stored in the 'user_password.txt' file
For above the output will be
2020-11-27 13:51:01;sever.hostname.org;some.name;Aeh9uph8Oo
2020-11-27 13:51:02;sever.hostname.org;othername;AePejoo9ch
2020-11-27 13:51:02;sever.hostname.org;username;setpassword
Note that sever.hostname.org is taken from the hostname of the server where the script is run.
If an existing PEM public key is used, the entry for the new user will be
2020-11-27 13:53:18;sever.hostname.org;some.name;[ALREADY SET]
Note that the password field now contains [ALREADY SET].
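The per-user decision behind the three output variants above (create with a fresh key pair, use an existing public key, skip an existing user), the ".ssh / authorized_keys" hardening step, and the 'user_password.txt' record format, as an added shell example that is not the project's user_create.sh. The functions take the home directory and key folder as parameters so they can be exercised against a scratch directory without root; the names plan_user, install_authorized_key, record_password and the KEY_DIR variable are assumptions for the example:

```shell
#!/bin/sh
# Added example, not the project's user_create.sh: per-user plan
# (skip / existing / generate), .ssh hardening, user_password.txt record.
set -euf

# Assumed layout: KEY_DIR is the ssh-keygen sub folder next to user_list.txt.
KEY_DIR=${KEY_DIR:-"$PWD/ssh-keygen"}

# Prints "skip" if the account already exists, "existing" if
# <group>-<user>.pem.pub is already in KEY_DIR, otherwise "generate"
# (user_create.sh then runs ssh-keygen, as in the sample output).
plan_user() {
    user=$1; group=$2
    if id "$user" >/dev/null 2>&1; then
        echo skip
    elif [ -f "$KEY_DIR/$group-$user.pem.pub" ]; then
        echo existing
    else
        echo generate
    fi
}

# Append a public key to <home>/.ssh/authorized_keys and lock the permissions
# down (0700 on .ssh, 0600 on authorized_keys). With StrictModes (the sshd
# default) a key is ignored if .ssh or authorized_keys is writable by others.
install_authorized_key() {
    home=$1; pub=$2
    mkdir -p "$home/.ssh"
    cat "$pub" >>"$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Append one record to the password file (argument 1):
# "<YYYY-MM-DD HH:MM:SS>;<hostname>;<user>;<password>".
# Pass "[ALREADY SET]" as the password when an existing public key was used.
record_password() {
    printf '%s;%s;%s;%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$(uname -n)" "$2" "$3" >>"$1"
}

# Demo against the current directory: no such account here, no key file yet.
printf '%s -> %s\n' 'some.name:group-a' "$(plan_user some.name group-a)"
```

Keep the password file and the key folder readable by root only; together with the private keys in ssh-keygen they are everything needed to log in as every user the script created.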
PEM key password reset
The SSH PEM key password can be reset or changed with
$> ssh-keygen -p -f [PEM].pem -P old_passphrase -N new_passphrase
To remove the password use -N ""
NOTE
If the command is used like this, the passphrases are stored in the shell history file (and are visible in the process list while the command runs). For security reasons it is recommended not to give the -P and -N options when changing the password; without them ssh-keygen prompts for the old and new passphrase interactively.
Missing PUB key
The public key part can be extracted from the SSH PEM key with
$> ssh-keygen -y -f [PEM].pem > [PEM].pem.pub
[PEM] is the placeholder for the filename
Get the user data
To copy the user data with the SSH PEM files and the password list, the following command can be used. Like the create user command it MUST be run in the folder where 'user_list.txt' is stored.
$> cd /root/users
The script needs to be run with one parameter that is the folder where the output file 'users.zip' is stored.
$> /root/bin/user_zip.sh [target folder]
In the [target folder] a file named 'users.zip' will be created. This file has the following data inside
- user_list.txt
- user_password.txt
- ssh-keygen/*.pem
- ssh-keygen/*.pem.pub
When extracted this will NOT create a sub folder. Creating a folder on the local side to store this data in is highly recommended.
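The bundling step above as an added shell example, not the project's user_zip.sh. It collects the four kinds of file listed, uses `zip -j` (junk paths), which is why extracting the archive creates no sub folder, and because the archive holds private keys and clear-text passwords it is created with mode 0600 and an existing users.zip is never silently overwritten. The function name bundle_users is an assumption for the example:

```shell
#!/bin/sh
# Added example, not the project's user_zip.sh: bundle user_list.txt,
# user_password.txt and the ssh-keygen key files into <target>/users.zip.
set -eu

# Usage: bundle_users <target folder>; run in the folder holding user_list.txt.
# Prints the path of the created archive.
bundle_users() {
    target=$1
    out="$target/users.zip"
    [ -f user_list.txt ] || { echo "run this in the folder holding user_list.txt" >&2; return 1; }
    [ -d "$target" ] || { echo "target folder $target does not exist" >&2; return 1; }
    if [ -e "$out" ]; then
        echo "$out already exists, refusing to overwrite" >&2
        return 1
    fi
    # Build the file list from what actually exists, so a missing
    # user_password.txt (no user created yet) does not abort the run.
    set -- user_list.txt
    if [ -f user_password.txt ]; then set -- "$@" user_password.txt; fi
    for f in ssh-keygen/*.pem ssh-keygen/*.pem.pub; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    # umask 077 in a subshell: the archive is created owner-readable only and
    # the caller's umask is left unchanged. -j stores basenames only.
    ( umask 077; zip -j -q "$out" "$@" )
    echo "$out"
}
```

Typical use from the base folder: `cd /root/users && bundle_users /tmp/export`. Delete the archive from the server once it has been copied off; it is as sensitive as the key folder itself.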