Aaron's CentOS7 Scripts

scottalanmiller

The easiest form of key managemet is to put the public keys into the script as text and "echo" them out to the appropriate file. here would be an example:

echo "sdpvoisd;lfkjsfjsagpioja[giwrj[ gij[aij[wwwdfffghag" >> /home/anonymous/.ssh/authorized_keys

Where the gibberish is actually the key contents.

scottalanmiller

Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.

Alex Sage

@scottalanmiller said:

Assuming that the file does not already exist, you would need to chmod and chown it too, for it to work correctly. And you would need to set SELinux perms on it. Assuming that we are on CentOS 7, which is the basis of this thread so I am assuming.

Hmmmmm. How hard is that to do?

I have been using this guide: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-centos-7

Hoping to automate

Alex Sage

If I did su - <username> and created the file first, would that solve the problem?

scottalanmiller

Here is the loop that we use to fix perms on the home directories:

for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done

scottalanmiller

@anonymous said:

If I did su - <username> and created the file first, would that solve the problem?

That's kinda awful, lol.

Alex Sage

@scottalanmiller So $i is the username?

Alex Sage

Would you be willing to post the whole script? No doubt others could benefit from it

Take out the NTG stuff

scottalanmiller

Let me see about cleaning it up.

Alex Sage

@scottalanmiller said:

Let me see about cleaning it up.

THANKS!

mlnews

Okay, here is the CentOS 7 specific one (should work on CentOS 6, Fedora 23, but it is for C7) with all but two users stripped out to demonstrate the wheel and non-wheel user functions. And before anyone notices, yes I need to update the key length.

#!/bin/bash
useradd scott -u 1101 -c "Scott Alan Miller" -G wheel
useradd danielle -u 1107 -c "Danielle Ralston"

for i in $(ls /home); do mkdir -p /home/$i/.ssh; done

echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDPdBvgVUD/gHJl/inuOMGDgUXT88pdPrEM1WFdYqlnG4QximJ0HEqSweSlK8Qhxg6u7B+gPtR2GDxyLOydajARXNoR6d5W/Aupvet8vUVAXp5sIfjyYGcrZOM4dboWE0MkKuVtJX+ZEEXuLojqd9RvICnsBYhV3KwzuGimtf1c3z8hau82bKc7fxvsF1KBV6luLyb6MFlEgapf32v0j8aSoMmGHxcNBoR/H+iJxEUMLr0d4ecZNSW9864J+dy6qT5Ei3bcPdwJZ7/gVcee7MVDYzPtbAXEtgT/U4r4zghZvuLnB2N/sBpDm1MsZpzA4YdJw+Cm7V4RmAx+SmPoAzT scott@cc-lnx-jump' > /home/scott/.ssh/authorized_keys

echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcR7YY5dzaGtW4a3rte57aUE6Gqre7bco60vUM+UUoJyjlqH98P+GqkkMTUCiHELQR3HLMc5bpknaRcjqJtl1CpD5Wl3PgbFU0BD9mYbKcEGW1AET7hvYMPjJuC5lHYGDRgRLBTAuPFU2lijyMx2881BMmUNqWyNQTLzqKrWpleSq7hpMY3zdTSzt4I1T/S20zs2iWjxoGj0NboImwLwn2fJSuOVVVBCVWt7u8Hfau2yQ29b0sCFAge6rp2cJRn7dnN27K6J9jexQWZHBuxRdkdrdp+jOnObqwL47+2AmjeuGuzP2ZQyYvcgTynQKiyBWYhDl47kquYgHvwSyfFIYWAx2aJi7g7naJiX0AyQaKBcdC7p4/VKo/z54iStFV4/1Y3nY2+K4hX+NewrVopl4hmtwgA8YFXwGuEa7TEol6QOw288QSlUCUIQdSla6zewmAYm/e436SuQaW9mtRgNkhQzlhEagIfPVmwDbRyWt9zeueXGGuSPxaAtI28Ul0zCk8ukyZUyPBXAFMZyGQn0kot37Hcxxc8ewA/Vt5wms1TUowQmVc52X6ckMks+8XtcXB45E/BeISQFguNACYzjLwYPbQ8ir0+BA8+92+XUU8SkNLLtHSCCxTzuw/xlAh+1Dy7fPKt+YT3OAvwQRPIDNlqBaCN6+FNht4vsL05oGEaQ== danielle@cc-lnx-jump' > /home/danielle/.ssh/authorized_keys

for i in $(ls /home); do chown -R $i:$i /home/"$i"; chmod 700 /home/"$i"; chmod 700 /home/"$i"/.ssh; chmod 600 /home/"$i"/.ssh/authorized_keys; restorecon /home/"$i"/.ssh; done

if [ -f /etc/redhat-release ]; then
    sed -i 's/^%wheel/# %wheel/' /etc/sudoers
    sed -i 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers
    yum -y install epel-release
    yum -y install sysstat htop fail2ban yum-cron
fi

mlnews

Heaven only knows why I posted from this account.

Alex Sage

So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him?

Alex Sage

I don't see where you define i?

scottalanmiller

@anonymous said:

So you guys use first names only? What happens when you hire another Scott? No access to Linux servers for him?

That's right. No email, either.

When you've been somewhere for seventeen years, you get to have a first name login.

scottalanmiller

@anonymous said:

I don't see where you define i?

I use it to refer to myself. It's self referential

scottalanmiller

@anonymous said:

I don't see where you define i?

It's here...

for i in $(ls /home);

"i" is defined in the statement, there is no need to defining it before then, BASH doesn't do that, like BASIC does, for example. You don't need to instantiate a variable before use. And it is set in the statement, so created and set all in one go.

Alex Sage

Going to release version 2.0 tonight I hope