Last active
February 15, 2024 19:11
-
-
Save zentala/d0d0da88b7e229336ce432eabc1e455e to your computer and use it in GitHub Desktop.
Create LXC Ubuntu Bionic privileged container, with SSH server, new passwordless sudo user, with ZSH and oh-my-zsh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Usage: | |
# $ chmod +x lxc_create_container.sh | |
# $ ./lxc_create_container.sh <container-name> | |
# What this script is doing? | |
# * Creating new LXC container | |
# * Making it privileged (giving root permissions) | |
# * Creating new user (you can configure login and pass below) | |
# * Adding your SSH key to authorized_keys (you can configure keys below) | |
# * Allow him to execute commands as root without providing password | |
# * Configuring SSH daemon, so you can connect with container via SSH | |
# * Installing ZSH, oh-my-zsh and making ZSH default shell | |
# Tested with LXC 3.0.3 and Ubuntu 18.04 Desktop | |
BOLD=$(tput bold) | |
NORMAL=$(tput sgr0) | |
COMMAND="\033[0;31m" | |
NAME=$1 | |
USER=zentala # replace with your username here | |
PASS=testpass # replace with your password here | |
SSH_KEY_PUB_CONTENT=`cat ~/.ssh/containers.pub` # replace with path to the public SSH key | |
SSH_KEY_PRIV_PATH=~/.ssh/containers # replace with path to the private SSH key | |
echo -e "${BOLD}=> Creating container ${NAME}...${NORMAL}" | |
lxc launch ubuntu:bionic $NAME | |
echo -e "${BOLD}=> Making container privileged...${NORMAL}" | |
lxc config set $NAME security.privileged true | |
echo -e "${BOLD}=> Creating and pre-configure new user ${USER}...${NORMAL}" | |
lxc exec $NAME -- useradd -p $(openssl passwd -1 $PASS) $USER | |
lxc exec $NAME -- mkdir -p /home/$USER/.ssh/ | |
lxc exec $NAME -- touch /home/$USER/.ssh/authorized_keys | |
lxc exec $NAME -- bash -c "echo $SSH_KEY_PUB_CONTENT >> /home/$USER/.ssh/authorized_keys" | |
lxc exec $NAME -- chown -R $USER:$USER /home/$USER/ | |
lxc exec $NAME -- usermod -aG sudo $USER | |
lxc exec $NAME -- bash -c "echo '$USER ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers" | |
echo -e "${BOLD}=> Configuring SSH daemon${NORMAL}" | |
lxc exec $NAME -- bash -c 'cat <<EOM >/etc/ssh/sshd_config | |
ChallengeResponseAuthentication no | |
UsePAM yes | |
X11Forwarding yes | |
PrintMotd no | |
AcceptEnv LANG LC_* | |
Subsystem sftp /usr/lib/openssh/sftp-server | |
PasswordAuthentication yes | |
MaxAuthTries 30 | |
EOM' | |
lxc exec $NAME -- systemctl restart ssh | |
echo -e "${BOLD}=> Checking container IP...${NORMAL}" | |
IP=`lxc exec $NAME -- ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1 | awk '{print $1}'` | |
echo -e "${BOLD}Your container IP is ${BOLD}$IP${NORMAL}" | |
echo -e "${BOLD}=> Installing ZSH...${NORMAL}" | |
ssh -q \ | |
-o "StrictHostKeyChecking no" \ | |
-i $SSH_KEY_PRIV_PATH \ | |
$USER@$IP \ | |
"sudo apt -y -qq install zsh" | |
echo -e "${BOLD}=> Installing oh-my-zsh for user $USER${NORMAL}" | |
ssh -q \ | |
-o "StrictHostKeyChecking no" \ | |
-i $SSH_KEY_PRIV_PATH \ | |
$USER@$IP << EOT | |
wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | |
sed -i.tmp 's:env zsh::g' install.sh | |
sed -i.tmp 's:chsh -s .*$::g' install.sh | |
sh install.sh | |
EOT | |
echo -e "${BOLD}=> Setting ZSH as default shell of $USER user${NORMAL}" | |
lxc exec $NAME -- chsh -s /bin/zsh $USER | |
echo -e "${BOLD}=> Container created!${NORMAL}" | |
echo -e "${BOLD}Now, you can connect via SSH: ssh $USER@$IP -i $SSH_KEY_PRIV_PATH${NORMAL}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment