Aaron's CentOS7 Scripts
-
The easiest form of key management is to put the public keys into the script as text and "echo" them out to the appropriate file. Here would be an example:
echo "sdpvoisd;lfkjsfjsagpioja[giwrj[ gij[aij[wwwdfffghag" >> /home/anonymous/.ssh/authorized_keys
Where the gibberish is actually the key contents.
-
Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread, so I am assuming.
-
@scottalanmiller said:
Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread, so I am assuming.
Hmmmmm. How hard is that to do?
I have been using this guide: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7
Hoping to automate
-
If I did su - <username> and created the file first, would that solve the problem?
-
Here is the loop that we use to fix perms on the home directories:
for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done
-
@anonymous said:
If I did su - <username> and created the file first, would that solve the problem?
That's kinda awful, lol.
-
@scottalanmiller So $i is the username?
-
Would you be willing to post the whole script? No doubt others could benefit from it.
Take out the NTG stuff.
-
Let me see about cleaning it up.
-
Okay, here is the CentOS 7 specific one (should work on CentOS 6, Fedora 23, but it is for C7) with all but two users stripped out to demonstrate the wheel and non-wheel user functions. And before anyone notices, yes I need to update the key length.
#!/bin/bash
useradd scott -u 1101 -c "Scott Alan Miller" -G wheel
useradd danielle -u 1107 -c "Danielle Ralston"
for i in $(ls /home); do mkdir -p /home/$i/.ssh; done
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDPdBvgVUD/gHJl/inuOMGDgUXT88pdPrEM1WFdYqlnG4QximJ0HEqSweSlK8Qhxg6u7B+gPtR2GDxyLOydajARXNoR6d5W/Aupvet8vUVAXp5sIfjyYGcrZOM4dboWE0MkKuVtJX+ZEEXuLojqd9RvICnsBYhV3KwzuGimtf1c3z8hau82bKc7fxvsF1KBV6luLyb6MFlEgapf32v0j8aSoMmGHxcNBoR/H+iJxEUMLr0d4ecZNSW9864J+dy6qT5Ei3bcPdwJZ7/gVcee7MVDYzPtbAXEtgT/U4r4zghZvuLnB2N/sBpDm1MsZpzA4YdJw+Cm7V4RmAx+SmPoAzT scott@cc-lnx-jump' > /home/scott/.ssh/authorized_keys
echo 'ssh-rsa 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 danielle@cc-lnx-jump' > /home/danielle/.ssh/authorized_keys
for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done
if [ -f /etc/redhat-release ]; then
    sed -i 's/^%wheel/# %wheel/' /etc/sudoers
    sed -i 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers
    yum -y install epel-release
    yum -y install sysstat htop fail2ban yum-cron
fi
-
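An added example, not the script from this thread: the key-install step from the posts above (create ~/.ssh, write the key, chmod 700/600, chown, restorecon) as one idempotent function. It assumes the thread's CentOS 7 layout and root for the chown/restorecon steps; the key string and temp-directory usage are constructed for testing.

```shell
#!/bin/bash
set -eu

# install_authorized_key USER HOMEDIR 'ssh-rsa AAAA... comment'
# Appends the key only if it is not already there, so re-running the
# provisioning script neither duplicates it (the `>>` form in the thread)
# nor wipes any other keys in the file (the `>` form in the thread).
install_authorized_key() {
    local user="$1" home="$2" key="$3"
    local sshdir="$home/.ssh" keyfile="$home/.ssh/authorized_keys"

    mkdir -p "$sshdir"
    touch "$keyfile"
    # -x whole-line, -F fixed-string: a key that is merely a prefix of
    # another key does not count as "already present".
    if ! grep -qxF -- "$key" "$keyfile"; then
        printf '%s\n' "$key" >> "$keyfile"
    fi

    # Same modes as the perms loop in the thread.
    chmod 700 "$home" "$sshdir"
    chmod 600 "$keyfile"

    # Ownership and SELinux labels need root; when not root these are
    # skipped so the function can still be exercised in a scratch directory.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$user:$user" "$sshdir"
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
            restorecon -R "$sshdir"
        fi
    fi
}

# count_keys FILE -> number of lines in an authorized_keys file
count_keys() {
    wc -l < "$1" | tr -d ' '
}
```

Dropping a user from the script does not remove their key with this approach; for that you still need an explicit removal step or a full rewrite of the file.
-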
Heaven only knows why I posted from this account.
-
So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him?
-
I don't see where you define i?
-
@anonymous said:
So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him?
That's right. No email, either.
When you've been somewhere for seventeen years, you get to have a first name login.
-
@anonymous said:
I don't see where you define i?
I use it to refer to myself. It's self-referential.
-
@anonymous said:
I don't see where you define i?
It's here...
for i in $(ls /home);
"i" is defined in the statement; there is no need to define it before then. BASH doesn't do that, like BASIC does, for example. You don't need to instantiate a variable before use. And it is set in the statement, so created and set all in one go.
-
Going to release version 2.0 tonight, I hope.