ServerUserCreate/user_create_flow.md
Clemens Schwaighofer 571ddcc717 AWS user account management scripts updates
- start option for create users (-g)
- delete user script
- update documentation
- user lock user script in check user flow output
- create user has check for valid username/group name
2023-08-07 07:29:24 +09:00


AWS user create flow

NOTE: The script checks /etc/ssh/sshd_config for an AuthorizedKeysFile keyword that points to /etc/ssh/authorized_keys/%u. If that setting exists, it moves the ssh keys from the user's home folder to the folder /etc/ssh/authorized_keys, using the created username as the file name.

  • Step 1: check if main group exists
  • Step 2: Add user to user_list.txt

Very basic example with minimum settings:

SSH type will default to ED25519

#user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type
# 2022-12-12
1;test.foo;group-a;allow
  • Step 3: run the create script bin/create_user.sh from /root/users

Note: if unsure, use -t for a test run or -i for info only.

Example output for -i:

$> bin/create_user.sh -i
User: 'test.foo:group-a();sshallow', SSH: hostname.com#group-a#test.foo#ed25519.pem

Run output (example):

++ Create 'test.foo:group-a()'
! Override password set
 > Create ssh key-pair '/root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem'
Generating public/private ed25519 key pair.
Your identification has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem
Your public key has been saved in /root/users/bin/../ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub
The key fingerprint is:
SHA256:IXiHXZrBGuMIHgU34L4DgAwLeFeX37AhQD69TOF1XZI hostname.com: test.foo@group-a
The key's randomart image is:
+--[ED25519 256]--+
|+ o++o+o+.o ...o.|
|*o+..+o*+Bo.  E. |
|++.+.o*+Xo =     |
|... ..o* oo .    |
|. .     S        |
| . .             |
|  o              |
|   .             |
|                 |
+----[SHA256]-----+
 > Create .ssh folder
 > Add public into authorized_keys
 > Secure folder .ssh and authorized_keys file
  adding: user_list.txt (stored 0%)
  adding: user_password.20221202-094351.txt (stored 0%)
  adding: ssh-keygen/ (stored 0%)
  adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem (deflated 24%)
  adding: ssh-keygen/hostname.com#group-a#test.foo#ed25519.pem.pub (deflated 2%)
Download: /root/users/bin/../zip/users.20221202-094351.zip
  • Step 4: Move the zip file to a folder where you can download it

$> mv /root/users/bin/../zip/users.20221202-094351.zip /home/<admin user>/

  • Step 5: Download the ZIP file to the local computer and extract it

Overwrite the user_list.txt file if it already exists.

The zip file contains the following files:

  • user_list.txt
  • user_password.YYYYMMDD-HHmmss.txt (creation timestamp)
  • ssh-keygen/hostname#group#user#keytype.pem (private key)
  • ssh-keygen/hostname#group#user#keytype.pem.pub (public key)

The .pem key has to be given to the user; the .pub key is for reference only.

  • Step 6: test login

In the folder where the data was extracted:

ssh -i ssh-keygen/hostname#group#user#keytype.pem user@hostname

Hand over to the user:

  • username
  • hostname
  • PEM key file
  • PEM key password

If the password needs to be removed:

ssh-keygen -p -f ssh-keygen/hostname#group#user#keytype.pem -P <old password> -N ""

Passing -P on the command line leaves the old password in the shell history; omit -P and ssh-keygen will prompt for it instead.
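As an added example (not part of the repository's scripts), the two checks the flow above relies on written in POSIX sh: parsing and validating a user_list.txt line in the documented field layout (Step 2) and detecting the AuthorizedKeysFile setting described in the NOTE. The name rules and the non-empty check on the ssh access field are assumptions; the page only shows the value allow.

```shell
#!/bin/sh
# Added example, not the project's own code. Field layout from the document:
#   user_id;user_name;group,subgroup;ssh access type;override password;override hostname;override ssh type

# Return 0 if NAME is a conservative user/group name: lowercase letters, digits,
# '.', '_' and '-', at most 32 characters, not empty, not starting with '-'.
# (Assumed rules; the page only says names are checked for validity.)
valid_name() {
  case "$1" in
    ''|-*) return 1 ;;
  esac
  [ "${#1}" -le 32 ] || return 1
  printf '%s' "$1" | grep -Eq '^[a-z0-9._-]+$'
}

# Parse one user_list.txt line. Prints "user main_group ssh_access ssh_type"
# on success; returns 1 for blank/comment lines and 2 for invalid lines.
# The ssh type falls back to ed25519, as the document states.
parse_user_line() {
  line=$1
  case "$line" in
    ''|'#'*) return 1 ;;
  esac
  IFS=';' read -r user_id user_name groups ssh_access _pw _host ssh_type <<EOF
$line
EOF
  main_group=${groups%%,*}            # main group is before the first comma
  valid_name "$user_name" || return 2
  valid_name "$main_group" || return 2
  [ -n "$ssh_access" ] || return 2    # assumed: access field must be set
  [ -n "$ssh_type" ] || ssh_type=ed25519
  printf '%s %s %s %s\n' "$user_name" "$main_group" "$ssh_access" "$ssh_type"
}

# Return 0 if the sshd_config given as $1 sets AuthorizedKeysFile to
# /etc/ssh/authorized_keys/%u, i.e. keys will be moved out of ~/.ssh.
central_authorized_keys() {
  grep -Eiq '^[[:space:]]*AuthorizedKeysFile[[:space:]].*/etc/ssh/authorized_keys/%u' "$1"
}

# Build the key file name the script uses: hostname#group#user#keytype.pem
key_file_name() {
  printf 'ssh-keygen/%s#%s#%s#%s.pem\n' "$1" "$2" "$3" "$4"
}
```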