thibaut-d/01-add_user_with_ssh_access.sh

## 01-add_user_with_ssh_access.sh
# Connect through ssh
ssh username@xx.xx.xx.xx

# Create the Linux user
sudo adduser username

# Check it
cat /etc/passwd

# Grant him sudo privileges (if needed)
sudo adduser username sudo

# Become the user
sudo su - username
whoami
#or in a new shell
sudo -u username zsh
whoami
# quit his sheel with ctrl+d

# Create a RSA Key for the user
ssh-keygen -t rsa -b 4096 -N 'passphrase' -C "user@mail.com" -f ~/.ssh/id_rsa
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

# Add ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

# Configure his user .ssh directory permissions
chmod 700 ~/.ssh
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

# Copy the files where you have access without sudo and download it
cp ~/.ssh/id_rsa /shared
cp ~/.ssh/id_rsa.pub /shared
scp -P xxxx firstuser@xx.xx.xx.xx:/home/username/.ssh/id_rsa ~/
scp -P xxxx firstuser@xx.xx.xx.xx:/home/username/.ssh/id_rsa ~/

# Tests SSH connection
# x.xx.xx.xx being the IP adress of the server
# xxxx being the SSH port, only usefull if changed
ssh username@xx.xx.xx.xx -pxxxx


## 02-add_user_to_docker.sh
# Create a docker group (if not done yet)
sudo groupadd docker

# Add the user to the docker group
sudo usermod -aG docker $USER

# Refresh the group
newgrp docker

# Test
docker run hello-world

## 03-forbid_password_login.sh
# Connect through ssh
ssh username@xx.xx.xx.xx

# Save configuration file
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_save

# Edit configuration file
sudo nano /etc/ssh/sshd_config

# Change content
Port 12345    #or whatever
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no

# Restart ssh
sudo service ssh restart

# Exit
exit

# Connect
ssh username@xx.xx.xx.xx -p 12345
	# Connect through ssh
	ssh username@xx.xx.xx.xx

	# Create the Linux user
	sudo adduser username

	# Check it
	cat /etc/passwd

	# Grant him sudo privileges (if needed)
	sudo adduser username sudo

	# Become the user
	sudo su - username
	whoami
	#or in a new shell
	sudo -u username zsh
	whoami
	# quit his sheel with ctrl+d

	# Create a RSA Key for the user
	ssh-keygen -t rsa -b 4096 -N 'passphrase' -C "user@mail.com" -f ~/.ssh/id_rsa
	eval "$(ssh-agent -s)"
	ssh-add ~/.ssh/id_rsa

	# Add ~/.ssh/authorized_keys
	cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

	# Configure his user .ssh directory permissions
	chmod 700 ~/.ssh
	chmod 644 ~/.ssh/authorized_keys
	chmod 644 ~/.ssh/known_hosts
	chmod 644 ~/.ssh/config
	chmod 600 ~/.ssh/id_rsa
	chmod 644 ~/.ssh/id_rsa.pub

	# Copy the files where you have access without sudo and download it
	cp ~/.ssh/id_rsa /shared
	cp ~/.ssh/id_rsa.pub /shared
	scp -P xxxx firstuser@xx.xx.xx.xx:/home/username/.ssh/id_rsa ~/
	scp -P xxxx firstuser@xx.xx.xx.xx:/home/username/.ssh/id_rsa ~/

	# Tests SSH connection
	# x.xx.xx.xx being the IP adress of the server
	# xxxx being the SSH port, only usefull if changed
	ssh username@xx.xx.xx.xx -pxxxx
	# Create a docker group (if not done yet)
	sudo groupadd docker

	# Add the user to the docker group
	sudo usermod -aG docker $USER

	# Refresh the group
	newgrp docker

	# Test
	docker run hello-world
	# Connect through ssh
	ssh username@xx.xx.xx.xx

	# Save configuration file
	sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_save

	# Edit configuration file
	sudo nano /etc/ssh/sshd_config

	# Change content
	Port 12345 #or whatever
	PermitRootLogin no
	PubkeyAuthentication yes
	PasswordAuthentication no

	# Restart ssh
	sudo service ssh restart

	# Exit
	exit

	# Connect
	ssh username@xx.xx.xx.xx -p 12345