@khustochka
Last active January 2, 2022 00:57
Create your own user on AWS Ubuntu or Raspberry Pi
#!/bin/bash
# Creates (or reuses) a personal user with sudo and key-based SSH access, then
# disables the cloud-init passwordless-sudo drop-in for the stock AWS user.
# Run as root (e.g. via sudo). Arguments are optional: username, UID, groups.
set -e
username=$1
new_uid=$2
new_groups=$3

while [ -z "$username" ]
do
    read -p "Enter username []: " username
done

if id "$username" &>/dev/null; then
    echo "User \`$username\` exists."
else
    if [ -z "$new_uid" ]; then
        read -p "Enter UID []: " new_uid
    fi
    if [ ! -z "$new_uid" ]; then
        uid_str="--uid $new_uid"
    fi
    # $uid_str is deliberately unquoted so it expands to two words (or to nothing)
    useradd --create-home $uid_str --shell /usr/bin/bash "$username" || exit 1
fi

# passwd -S prints the password status in the second field:
# P = usable password, L = locked (a freshly created account), NP = no password.
if [[ $(passwd --status "$username" | awk '{print $2}') = P ]]
then
    read -p "Do you want to change your password? [y|N] " change_pass
else
    change_pass=y
fi
if [ "$change_pass" == 'y' ]; then
    passwd "$username"
fi

default_groups="sudo,adm"
echo "Current groups:"
groups "$username"
while :; do
    if [ -z "$new_groups" ]; then
        read -p "Enter groups to add the user to [$default_groups]: " new_groups
    fi
    new_groups=${new_groups:-"$default_groups"}
    usermod -aG "$new_groups" "$username" || exit 1
    # Check if the user belongs to sudo group (NUL-separated group list, exact match)
    id --name --groups --zero "$username" | grep --quiet --null-data --line-regexp --fixed-strings "sudo" && break
    echo "User needs to belong to sudo group!"
    new_groups=""
done

# Assumes the home directory is /home/<username>
HMDIR="/home/$username"
SSHDIR="$HMDIR/.ssh"
mkdir -p "$SSHDIR"
chown "$username:$username" "$SSHDIR"
chmod 700 "$SSHDIR"
KEYSFILE="$SSHDIR/authorized_keys"
touch "$KEYSFILE"
chown "$username:$username" "$KEYSFILE"
chmod 600 "$KEYSFILE"

read -p "Enter public key. Enter to skip (if key is already set): " pubkey
if [ -n "$pubkey" ]; then
    printf '%s\n' "$pubkey" >> "$KEYSFILE"
else
    if [ ! -s "$KEYSFILE" ]; then
        echo "Authorized keys file is empty. Please provide your pub key."
        exit 1
    fi
fi

# Do not take passwordless sudo away from the stock user until the new user is
# confirmed to work, otherwise you can lock yourself out of the machine.
read -p "IMPORTANT! Check if you can ssh as your user without password [y|N]: " can_login
if [ "$can_login" != 'y' ]; then
    echo "Restart the script and enter a proper public key"
    exit 1
fi

echo "Disabling passwordless sudo!"
# sudo ignores files in sudoers.d whose name ends in ~ or contains a dot, so the
# rename disables the rule while keeping a backup of the original file.
if [ -f /etc/sudoers.d/90-cloud-init-users ]; then
    mv /etc/sudoers.d/90-cloud-init-users /etc/sudoers.d/90-cloud-init-users~
else
    : # TODO: for Raspberry Pi
fi
# The invoking (stock) user, e.g. ubuntu or pi; not used further in this version.
current=$SUDO_USER
khustochka commented Jan 1, 2022

This script is supposed to be used on AWS Ubuntu or Raspberry Pi to create your own user and disable the stock one.

HOW TO RUN:

sudo bash -c "$(wget -O - https://gist.githubusercontent.com/khustochka/33f8a1c0df142eae654a08c140319dae/raw/main-user.sh)"

or

wget https://gist.githubusercontent.com/khustochka/33f8a1c0df142eae654a08c140319dae/raw/main-user.sh
chmod +x main-user.sh
sudo ./main-user.sh

ARGUMENTS (OPTIONAL):

  1. Username of the new user
  2. UID of the new user
  3. Groups to add the user to (separated by comma)

WHAT IT DOES:

  1. Creates a new user, unless it exists (provide the username as an argument, or enter it when asked).
  2. UID can be provided as a second argument, entered separately, or skipped.
  3. If necessary, asks to create a password. For an existing user with a valid password, asks if you want to change it.
  4. The third argument is a list of groups; if not provided, you will be asked. Default is adm,sudo.
  5. Checks if, after all the manipulations, the user is in the sudo group.
  6. Asks for the public key and adds it to authorized_keys. This can be skipped, but only if the authorized_keys file is not empty.
  7. Asks you to make sure that you can indeed connect as your user using key-based auth.
  8. (AWS Ubuntu) Disables passwordless sudo for ubuntu user.

TODO:

  • Disable ubuntu/pi user (optional).
  • Prohibit root login via ssh.
  • Prohibit password auth via ssh.
  • Change pi user password (?)

RECOMMENDATION:

  • Add more authorized keys from other computers.
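
Added example, not part of the gist: a validation step for the public key prompt (step 6 above). The script appends whatever is typed to authorized_keys, so a typo or a key pasted from the wrong file only surfaces at the manual "can you ssh in?" check in step 7; these functions check the line's shape, confirm that the base64 blob actually carries the declared key type, and refuse duplicates. Function names and the sample keys in the comments are constructed for this example.

```bash
#!/bin/bash
# Added example, not part of the gist: validate a pasted public key before
# it is appended to authorized_keys. Function names and sample keys are
# constructed; nothing here is the gist's own code.

# 0 if the base64 blob's embedded type matches the declared type. The blob is
# SSH wire format (uint32 length, then the type string); encoding only the
# 3-byte-aligned prefix of length||type gives an exact base64 prefix to compare.
blob_has_type() {
    local type=$1 blob=$2 n lenbyte prefix
    n=$(( (4 + ${#type}) / 3 * 3 ))
    lenbyte=$(printf '\\%03o' "${#type}")   # e.g. \013 for ssh-ed25519
    prefix=$(printf "\0\0\0${lenbyte}%s" "$type" | head -c "$n" | base64)
    [[ $blob == "$prefix"* ]]
}

# 0 if the line is one OpenSSH public key of a known type: type, base64 blob,
# optional comment without control characters, and a blob that carries the
# same type. (ssh-keygen -lf is the definitive check when it is available.)
is_valid_pubkey() {
    local line=$1 type blob
    local types='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)'
    types+='|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com'
    local re="^($types) ([A-Za-z0-9+/]+={0,2})( [^[:cntrl:]]*)?\$"
    [[ $line =~ $re ]] || return 1
    read -r type blob _ <<<"$line"
    blob_has_type "$type" "$blob"
}

# Appends the key to file $1 unless it is invalid (returns 1) or already
# present (returns 2). The same key with a different comment counts as present.
add_pubkey() {
    local keysfile=$1 line=$2 type blob
    is_valid_pubkey "$line" || return 1
    read -r type blob _ <<<"$line"
    if [ -f "$keysfile" ] && awk -v t="$type" -v b="$blob" \
            '$1 == t && $2 == b { found = 1 } END { exit !found }' "$keysfile"; then
        return 2
    fi
    printf '%s\n' "$line" >> "$keysfile"
}
```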
