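#!/bin/bash
#
# Initialize a fresh DigitalOcean droplet over SSH, connecting as root:
#   1. install the given SSH public key for root,
#   2. harden sshd (root login by key only, no password authentication,
#      no X11 forwarding), validate the result and reload sshd,
#   3. create USERNAME with the same public key, optionally with
#      passwordless sudo and membership in an extra group.
#
# Prerequisites: ssh, scp and ssh-keygen on this machine, and an existing
# key-based root login to REMOTEHOST. Step 2 disables password
# authentication on the host, so the key from step 1 must be the one this
# machine uses from then on; the steps are ordered so that the key is in
# place before sshd is reloaded.
#
# Usage: run with --help.
set -euo pipefail

# Usage text. ${0##*/} is this script's basename.
helptext=$(cat <<EOF
Usage: ${0##*/} [-gsh] -k KEYFILE -r REMOTEHOST -u USERNAME
Initialize a fresh, new DigitalOcean droplet.
Required:
  -k, --keyfile KEYFILE         Path to SSH public key file to install.
  -r, --remotehost REMOTEHOST   Remote host to connect to and initialize.
  -u, --user USERNAME           User name to add.
Optional:
  -g, --group GROUPNAME         Add user to the specified group.
  -s, --sudo                    Add user to /etc/sudoers with NOPASSWD: ALL.
  -h, --help                    Display this help and exit.
EOF
)

# User and group names are interpolated into command lines executed on the
# droplet, so only conservative POSIX names are accepted: a lowercase letter
# or '_' followed by lowercase letters, digits, '_' or '-', 32 chars at most.
readonly name_re='^[a-z_][a-z0-9_-]{0,31}$'

keyfile=""
remotehost=""
username=""
groupname=""
usesudo=0

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Run a command on the droplet as root.
# Globals:   remotehost (read)
# Arguments: the remote command line; with "bash -s" the script is read
#            from this process's stdin (a here-document at the call site)
remote() {
  ssh "root@${remotehost}" "$@"
}

# Parse the command line. Unknown options are an error rather than being
# silently ignored; a bare "--" ends option parsing.
# Globals:   keyfile, remotehost, username, groupname, usesudo (written)
# Arguments: the script's positional parameters
parse_args() {
  while (( $# > 0 )); do
    case $1 in
      -k|--keyfile)
        [[ -n ${2-} ]] || die "Key file must be specified."
        [[ -f $2 && -r $2 ]] || die "Key file $2 doesn't exist or is not readable."
        keyfile=$2
        shift 2
        ;;
      -r|--remotehost)
        [[ -n ${2-} ]] || die "Remote host must be specified."
        remotehost=$2
        shift 2
        ;;
      -g|--group)
        [[ -n ${2-} ]] || die "$1 Requires a group name."
        groupname=$2
        shift 2
        ;;
      -u|--user)
        [[ -n ${2-} ]] || die "$1 Requires a user name."
        username=$2
        shift 2
        ;;
      -s|--sudo)
        usesudo=1
        shift
        ;;
      -h|--help)
        printf '%s\n' "$helptext"
        exit 0
        ;;
      --)
        shift
        break
        ;;
      -*)
        die "Unknown option: $1"
        ;;
      *)
        break
        ;;
    esac
  done
}

# Check that every required value is present and safe to use.
# Globals: keyfile, remotehost, username, groupname, name_re (read)
validate_args() {
  [[ -n $keyfile ]] || die "A key file must be specified."
  [[ -n $username ]] || die "A user name must be specified."
  [[ -n $remotehost ]] || die "A remote host must be specified."
  [[ $username =~ $name_re ]] || die "Invalid user name: $username"
  if [[ -n $groupname && ! $groupname =~ $name_re ]]; then
    die "Invalid group name: $groupname"
  fi
  # A private key pasted by mistake would be copied into authorized_keys on
  # the host (readable by root there, and by the new user in their copy)
  # without granting any access. Refuse it outright.
  if grep -q -- 'PRIVATE KEY' "$keyfile"; then
    die "$keyfile looks like a private key; pass the public key (.pub) instead."
  fi
  # ssh-keygen -l parses public-key and authorized_keys formats; anything it
  # cannot read would not work as an authorized key either.
  ssh-keygen -l -f "$keyfile" >/dev/null 2>&1 \
    || die "$keyfile is not a valid SSH public key."
}

# Install the public key for root, keeping a copy at /root/.ssh/baseline.key
# that create_user reuses.
# Globals: keyfile, remotehost (read)
install_root_key() {
  echo "Setting up /root/.ssh/"
  remote 'install -d -m 700 -o root -g root /root/.ssh'
  scp "$keyfile" "root@${remotehost}:/root/.ssh/baseline.key"
  remote bash -s <<'EOF'
set -e
cd /root/.ssh
cat baseline.key >> authorized_keys
chown root:root authorized_keys
chmod 600 authorized_keys
EOF
}

# Tighten sshd: root by key only, no password authentication, no X11
# forwarding. Runs after install_root_key so the connection used for the
# remaining steps still works once sshd has been reloaded.
# Globals: remotehost (read)
harden_sshd() {
  echo "Configuring OpenSSH"
  remote bash -s <<'EOF'
set -e
cfg=/etc/ssh/sshd_config
dropin=/etc/ssh/sshd_config.d/00-baseline.conf
sshd_bin=$(command -v sshd || echo /usr/sbin/sshd)
cp -p "$cfg" "$cfg.backup"
# Rewrite the keyword whether it is set or only present as a commented
# default. Matching a single spelling would leave e.g. an explicit
# "PasswordAuthentication yes" untouched while reporting success.
# PermitRootLogin is only changed from the permissive spellings: this script
# logs in as root, so root login is already allowed on this host, but an
# explicit "no" (e.g. combined with a Match block) must not be relaxed.
# "prohibit-password" is the current name of the older "without-password".
sed -i \
  -e 's/^#PermitRootLogin\s.*/PermitRootLogin prohibit-password/' \
  -e 's/^PermitRootLogin\s\+\(yes\|without-password\)\s*$/PermitRootLogin prohibit-password/' \
  -e 's/^#\?PasswordAuthentication\s.*/PasswordAuthentication no/' \
  -e 's/^#\?X11Forwarding\s.*/X11Forwarding no/' "$cfg"
# sshd keeps the first value it reads for a keyword, and distributions that
# ship an Include line put it at the top of sshd_config, so a drop-in that
# sorts before the others (e.g. a 50-*.conf written by cloud-init) is the
# value that actually takes effect. Write one where the directory exists.
if [ -d "${dropin%/*}" ] && grep -qi '^Include' "$cfg"; then
  printf '%s\n' 'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' 'X11Forwarding no' > "$dropin"
  chmod 644 "$dropin"
fi
# Never reload an invalid config: a bad sshd_config can leave the host
# without a working sshd, and there is no console to recover from.
if ! "$sshd_bin" -t; then
  cp -p "$cfg.backup" "$cfg"
  rm -f "$dropin"
  echo "sshd_config failed validation; original restored" >&2
  exit 1
fi
# The service name differs between distributions; try the common ones.
systemctl reload ssh 2>/dev/null || systemctl reload sshd 2>/dev/null \
  || service ssh reload 2>/dev/null || service sshd reload 2>/dev/null \
  || echo "Could not reload sshd; settings apply on its next restart" >&2
EOF
}

# Create USERNAME (if it does not exist yet) with a bash login shell and a
# group of the same name, and install the baseline key for it. The home
# directory is taken from the passwd entry rather than assumed under /home.
# Globals: username (read)
create_user() {
  echo "Setting up new user $username"
  remote bash -s <<EOF
set -e
# -U creates a same-named group; -m creates the home directory.
id -u '$username' >/dev/null 2>&1 || useradd -m -U -c '$username' -s /bin/bash '$username'
home=\$(getent passwd '$username' | cut -d: -f6)
install -d -m 700 -o '$username' -g '$username' "\$home/.ssh"
cat /root/.ssh/baseline.key >> "\$home/.ssh/authorized_keys"
chown '$username:$username' "\$home/.ssh/authorized_keys"
chmod 600 "\$home/.ssh/authorized_keys"
EOF
}

# Grant USERNAME passwordless sudo by appending a rule to /etc/sudoers.
# Globals: username (read)
grant_sudo() {
  echo "Adding $username to sudoers"
  remote bash -s <<EOF
set -e
rule='$username ALL=(ALL:ALL) NOPASSWD: ALL'
if ! grep -qxF "\$rule" /etc/sudoers; then
  # Validate the new file with visudo before installing it: a single syntax
  # error in /etc/sudoers disables sudo for every account on the host.
  tmp=\$(mktemp)
  trap 'rm -f "\$tmp"' EXIT
  cp /etc/sudoers "\$tmp"
  printf '%s\n' "\$rule" >> "\$tmp"
  visudo -cf "\$tmp" >/dev/null
  install -m 440 -o root -g root "\$tmp" /etc/sudoers
fi
EOF
}

# Add USERNAME to GROUPNAME, creating the group if it does not exist.
# Globals: username, groupname (read)
add_to_group() {
  echo "Adding $username to $groupname"
  remote "groupadd -f '$groupname' && usermod -aG '$groupname' '$username'"
}

# Entry point.
# Globals:   usesudo, groupname, username, remotehost (read)
# Arguments: the script's positional parameters
main() {
  parse_args "$@"
  validate_args
  install_root_key
  harden_sshd
  create_user
  if (( usesudo == 1 )); then
    grant_sudo
  fi
  if [[ -n $groupname ]]; then
    add_to_group
  fi
  # Single-quoted format keeps the backticks literal; inside a double-quoted
  # string they would run "ssh user@host" as a command substitution.
  printf 'Done. You may now `ssh %s@%s`.\n' "$username" "$remotehost"
}

main "$@"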