Shell script to manage keypairs. You can add a user and establish a new keypair, reset an existing keypair, or repair ownership and permissions.
#!/bin/bash
#
# Developed by: Javier Sianes - jsianes@gmail.com
#
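# RSA key length (bits) passed to ssh-keygen -b; may be overridden from the
# environment, defaults to 4096.
BITS="${BITS:-4096}"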
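#######################################
# Normalise the global USERNAME (lower-case, spaces -> underscores), reject
# names that are not plain portable user names, and reject names that already
# exist on the system.
# Globals:   USERNAME (read and rewritten)
# Outputs:   error text on stdout (same channel as the rest of the script)
# Returns:   returns normally when the name is usable; otherwise does not
#            return: exit 4 for an invalid name, exit 2 if the user exists
#######################################
username(){
  local lowered
  lowered=$(printf '%s' "${USERNAME}" | tr '[:upper:]' '[:lower:]')
  USERNAME=${lowered// /_}
  # USERNAME is interpolated into paths and command lines further down, so
  # refuse anything beyond a plain POSIX-style name (no leading '-', no '/',
  # '.', '*', whitespace, ...).
  if [[ ! "${USERNAME}" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "--- error: \"${USERNAME}\" is not a valid username"
    exit 4
  fi
  if id "${USERNAME}" >/dev/null 2>&1; then
    echo "--- error: \"${USERNAME}\" username exists"
    exit 2
  fi
}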
#######################################
# Print the command-line synopsis and terminate.
# Outputs:   usage text on stdout
# Returns:   does not return; exit 1
#######################################
usage(){
  printf '\n%s\n\n' "Usage: $0 [-r | -p] username"
  printf '%s\n' \
    " Without options, add a new username and generate a new keypair for this username" \
    " -r : Reset keypair for an existing username" \
    " -p : Reset ownership and permissions associated to keypair" \
    ""
  exit 1
}
#######################################
# Abort unless the invoking user can run commands through sudo.
# Outputs:   error text on stdout when sudo is unavailable
# Returns:   0 when a trivial sudo command succeeds; exit 3 otherwise
#######################################
verify_sudo(){
  if ! sudo ls / >/dev/null 2>&1; then
    echo "--- error: \"$(whoami)\" username is unable to run sudo commands"
    exit 3
  fi
}
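#######################################
# Create a new local account and provision an RSA keypair for it: the public
# half becomes the account's authorized_keys, the private half is left in the
# home directory for hand-over.
# Globals:   USERNAME (read; normalised by username()), BITS (read)
# Outputs:   progress/error text on stdout
# Returns:   0 on success; otherwise does not return:
#            255 useradd failed, 254 ssh-keygen failed,
#            253 home directory missing, 252 authorized_keys could not be placed
#######################################
add_user(){
  local homedir key
  verify_sudo
  # username() rewrites USERNAME, so derive paths only after it has run
  username
  homedir="/home/${USERNAME}"
  key="${homedir}/${USERNAME}.pem"
  echo "--- adding user \"${USERNAME}\" ..."
  if ! sudo useradd -d "${homedir}" -c "${USERNAME}" -s /bin/bash -m "${USERNAME}" >/dev/null 2>&1; then
    echo "--- error: unable to add \"${USERNAME}\" username"
    exit 255
  fi
  printf '%s' "--- user added: "
  id "${USERNAME}"
  echo "--- generating keypair..."
  sudo rm -f -- "${key}" "${key}.pub" >/dev/null 2>&1
  # -N '' : the private key is written without a passphrase so it can be
  # handed to the user; it is generated as root and chowned below.
  if ! sudo ssh-keygen -b "${BITS}" -f "${key}" -t rsa -N '' >/dev/null 2>&1; then
    echo "--- error: unable to generate a new keypair"
    exit 254
  fi
  if [ ! -d "${homedir}" ]; then
    echo "--- error: unable to configure new keypair"
    exit 253
  fi
  sudo mkdir -- "${homedir}/.ssh" >/dev/null 2>&1
  if ! sudo mv -f -- "${key}.pub" "${homedir}/.ssh/authorized_keys" >/dev/null 2>&1; then
    echo "--- error: unable to configure new keypair"
    exit 252
  fi
  # sshd refuses keys in a group/world-accessible .ssh or authorized_keys
  sudo chmod 700 -- "${homedir}/.ssh" >/dev/null 2>&1
  sudo chmod 600 -- "${homedir}/.ssh/authorized_keys" >/dev/null 2>&1
  sudo chown -R "${USERNAME}:" -- "${homedir}" >/dev/null 2>&1
  echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: ${key}"
}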
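#######################################
# Repair ownership and mode bits of an existing account's .ssh directory,
# authorized_keys and private key file.
# Globals:   USERNAME (read)
# Outputs:   progress/error text on stdout
# Returns:   0 on success; exit 247 if the user does not exist,
#            exit 246 if its home directory cannot be resolved or is missing
#######################################
reset_permissions(){
  local homedir
  verify_sudo
  if ! id "${USERNAME}" >/dev/null 2>&1; then
    echo "--- error: \"${USERNAME}\" username doesn't exists"
    exit 247
  fi
  # getent (glibc) resolves the account through NSS rather than only
  # /etc/passwd, and does not treat the name as a grep regex.
  homedir=$(getent passwd "${USERNAME}" | cut -d : -f 6)
  # an empty homedir would otherwise make the paths below resolve under "/"
  if [ -z "${homedir}" ] || [ ! -d "${homedir}" ]; then
    echo "--- error: unable to find home directory (${homedir}) associated to \"${USERNAME}\" username"
    exit 246
  fi
  sudo chmod 700 -- "${homedir}/.ssh" >/dev/null 2>&1
  sudo chmod 600 -- "${homedir}/.ssh/authorized_keys" "${homedir}/${USERNAME}.pem" >/dev/null 2>&1
  sudo chown "${USERNAME}:" -- "${homedir}" "${homedir}/${USERNAME}.pem" >/dev/null 2>&1
  sudo chown -R "${USERNAME}:" -- "${homedir}/.ssh" >/dev/null 2>&1
  echo "--- keypair ownership and permissions for \"${USERNAME}\" username with home directory ${homedir} repaired"
}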
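#######################################
# Replace an existing account's keypair: generate a fresh RSA key in the home
# directory and install its public half as the account's authorized_keys.
# Globals:   USERNAME (read), BITS (read)
# Outputs:   progress/error text on stdout
# Returns:   0 on success; otherwise does not return:
#            248 user does not exist, 249 home directory missing,
#            250 ssh-keygen failed, 251 authorized_keys could not be placed
#######################################
reset_keypair(){
  local homedir key
  verify_sudo
  if ! id "${USERNAME}" >/dev/null 2>&1; then
    echo "--- error: \"${USERNAME}\" username doesn't exists"
    exit 248
  fi
  # getent (glibc) resolves the account through NSS rather than only
  # /etc/passwd, and does not treat the name as a grep regex.
  homedir=$(getent passwd "${USERNAME}" | cut -d : -f 6)
  # check the home directory before touching anything so that an empty value
  # never turns the rm/keygen paths below into paths under "/"
  if [ -z "${homedir}" ] || [ ! -d "${homedir}" ]; then
    echo "--- error: unable to find home directory (${homedir}) associated to \"${USERNAME}\" username"
    exit 249
  fi
  key="${homedir}/${USERNAME}.pem"
  sudo rm -f -- "${key}" "${key}.pub" >/dev/null 2>&1
  # -N '' : the private key is written without a passphrase for hand-over
  if ! sudo ssh-keygen -b "${BITS}" -f "${key}" -t rsa -N '' >/dev/null 2>&1; then
    echo "--- error: unable to generate a new keypair"
    exit 250
  fi
  sudo mkdir -- "${homedir}/.ssh" >/dev/null 2>&1
  # authorized_keys is replaced wholesale: any other keys previously
  # authorised for this account are discarded
  if ! sudo mv -f -- "${key}.pub" "${homedir}/.ssh/authorized_keys" >/dev/null 2>&1; then
    echo "--- error: unable to configure new keypair"
    exit 251
  fi
  sudo chmod 700 -- "${homedir}/.ssh" >/dev/null 2>&1
  sudo chmod 600 -- "${homedir}/.ssh/authorized_keys" "${key}" >/dev/null 2>&1
  sudo chown "${USERNAME}:" -- "${homedir}" "${key}" >/dev/null 2>&1
  sudo chown -R "${USERNAME}:" -- "${homedir}/.ssh" >/dev/null 2>&1
  echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: ${key}"
}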
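# Command-line dispatch: one argument adds a user, two arguments select a
# reset action. A bare option in place of a username, or an option other than
# -r/-p, falls through to usage instead of silently doing nothing (or trying
# to create an account named after the option).
case "$#" in
  1)
    case "$1" in
      -*) usage ;;
      *) USERNAME="$1"; add_user ;;
    esac
    ;;
  2)
    case "$1" in
      -r) USERNAME="$2"; reset_keypair ;;
      -p) USERNAME="$2"; reset_permissions ;;
      *) usage ;;
    esac
    ;;
  *)
    usage
    ;;
esac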