@albert-decatur
Last active January 19, 2018 11:23
vagrant bootstrap for ssh, x2go, adding users
#!/bin/bash
# bootstrap a vagrant ubuntu guest to have the following:
# openssh server
# x2go server
# ufw
# fail2ban
# user args: STDIN is TSV of "username\tpubkey", one per line
# NB:
# run as root
# user passwords are set equal to usernames; ssh (and x2go, which tunnels over ssh)
# is restricted to key authentication, but that password still works for console
# logins and su, so change or lock it once keys are in place
# users are not in group sudo
# if user already exists then skip their setup except to append pubkey (assumes users have home dirs under /home)
# TODO: automount samba share
# example use: cat users.tsv | sudo ./bootstrap.sh  (or: sudo ./bootstrap.sh < users.tsv)
# prereq for add-apt-repository
apt-get update
apt-get install -y software-properties-common
# set up openssh server and only allow public key access
apt-get install -y openssh-server
# sshd honours the first occurrence of a keyword, so a line appended after an
# explicit "PasswordAuthentication yes" would be ignored; rewrite any existing
# (possibly commented-out) line in place and append only if none is present
set_sshd_option() {
    if grep -qE "^\s*#?\s*$1\b" /etc/ssh/sshd_config; then
        sed -i -E "s/^\s*#?\s*$1\b.*/$1 $2/" /etc/ssh/sshd_config
    else
        echo "$1 $2" >> /etc/ssh/sshd_config
    fi
}
set_sshd_option PasswordAuthentication no
# PAM keyboard-interactive auth would still accept a password unless this is off too
set_sshd_option ChallengeResponseAuthentication no
# validate the config before restarting so a typo cannot lock us out;
# afterwards "sshd -T | grep -i passwordauthentication" should print "no"
sshd -t && service ssh restart
# set up x2go server for efficient X11 forwarding
add-apt-repository -y ppa:x2go/stable
apt-get update
apt-get install -y x2goserver x2goserver-xsession
# set up simple firewall and simple intrusion prevention for ssh
# (the Ubuntu fail2ban package ships with the sshd jail enabled by default)
apt-get install -y ufw fail2ban
ufw allow 22/tcp
# --force skips the "may disrupt existing ssh connections" y/n prompt ufw shows
# when run over an ssh session; without it the answer would be read from STDIN,
# i.e. from the users TSV
ufw --force enable
# add users and their public keys based on STDIN
# read the two TSV fields directly; -r keeps backslashes in the key intact
while IFS=$'\t' read -r user pubkey
do
    # skip blank lines and lines missing a field (a bare name would create an account with no key)
    if [[ -z "$user" || -z "$pubkey" ]]; then continue; fi
    # if the user does not exist then add the user
    if ! getent passwd "$user" > /dev/null; then
        useradd -m -U "$user"
        # chpasswd reads "user:password" from stdin and, unlike passwd, does not need a tty
        echo "${user}:${user}" | chpasswd
    fi
    ssh=/home/$user/.ssh
    mkdir -p "$ssh"
    # append pubkey to authorized_keys rather than overwrite
    authorized_keys=$ssh/authorized_keys
    touch "$authorized_keys"
    echo "$pubkey" >> "$authorized_keys"
    # clean up duplicate pubkeys: uniq only collapses adjacent lines, so dedupe
    # the whole file (keeping order), and use mktemp rather than a predictable /tmp name
    tmp=$(mktemp)
    awk '!seen[$0]++' "$authorized_keys" > "$tmp"
    mv "$tmp" "$authorized_keys"
    # set ownership and permissions to allow ssh (with StrictModes, sshd ignores
    # an authorized_keys file or directory that is group- or world-writable)
    chown -R "${user}:${user}" "$ssh"
    chmod 700 "$ssh"
    chmod 600 "$authorized_keys"
done
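The TSV on STDIN goes straight into useradd and authorized_keys, so it is worth checking before it is piped in. The following is an added example and not part of the gist: a small checker, `validate_users_tsv`, that rejects usernames useradd would mis-parse or refuse and public keys sshd would silently ignore. The function name, the usernames and the key blobs are all constructed for this demo.

```shell
#!/bin/bash
# Added example, not part of the gist: sanity-check the "username<TAB>pubkey"
# TSV before it goes into bootstrap.sh. The gist hands each field straight to
# useradd and authorized_keys, so a bad line yields a strange account or a key
# that sshd silently ignores. Usernames and key material are constructed.

# Return 0 if every non-blank line has a sane Linux login name (lower-case,
# no leading "-", at most 32 chars) and an OpenSSH public key (known type,
# base64 blob, optional comment); otherwise report the first bad line on
# stderr and return 1.
validate_users_tsv() {
    local file=$1 n=0 user pubkey tab
    tab=$(printf '\t')
    while IFS=$tab read -r user pubkey; do
        n=$((n + 1))
        [ -z "$user" ] && [ -z "$pubkey" ] && continue   # blank line
        if ! printf '%s' "$user" | grep -qE '^[a-z_][a-z0-9_-]{0,31}$'; then
            echo "line $n: bad username '$user'" >&2
            return 1
        fi
        if ! printf '%s' "$pubkey" | grep -qE '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .+)?$'; then
            echo "line $n: bad public key for '$user'" >&2
            return 1
        fi
    done < "$file"
    return 0
}

# constructed inputs: one clean file, and one whose first username useradd
# would parse as an option and whose second line has a truncated key
good_tsv=$(mktemp)
bad_tsv=$(mktemp)
trap 'rm -f "$good_tsv" "$bad_tsv"' EXIT
printf '%s\t%s\n' alice 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDemoKeyMaterialNotARealKey alice@laptop' > "$good_tsv"
printf '%s\t%s\n' bob   'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDemoKeyMaterialNotARealKey' >> "$good_tsv"
printf '%s\t%s\n' -r    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDemoKeyMaterialNotARealKey' > "$bad_tsv"
printf '%s\t%s\n' carol 'ssh-ed25519' >> "$bad_tsv"

if validate_users_tsv "$good_tsv"; then echo "good file accepted"; fi
if ! validate_users_tsv "$bad_tsv"; then echo "bad file rejected"; fi
```

Run it as `validate_users_tsv users.tsv && cat users.tsv | sudo ./bootstrap.sh` so a malformed line stops the whole run rather than creating a half-configured account.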