albert-decatur · January 19, 2018 11:23
diff --git a/bootstrap.sh b/bootstrap.sh
 #!/bin/bash

 # bootstrap a vagrant ubuntu guest to have the following:
 # openssh server
 # x2go server
 # ufw
 # fail2ban
 # user args: STDIN is TSV of "username\tpubkey", one per line
 # NB: 
 # run as root
 # user passwords will be same as usernames and only key authentication is allowed for ssh
 # users are not in group sudo
 # if user already exists then skip their setup except to append pubkey (assumes users have home dirs under /home) 
 # TODO: automount samba share
 # example use: cat users.tsv | sudo ./bootstrap.sh

 # prereq for add-apt-repository
 apt-get update
 apt-get install -y software-properties-common
 # set up openssh server and only allow public key access
 apt-get install -y openssh-server
 password_check=$(grep -E "^PasswordAuthentication\s*no" /etc/ssh/sshd_config)
 if [[ -z "$password_check" ]]; then
    echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
 fi    
 service ssh restart
 # set up x2go server for efficient X11 forwarding
 add-apt-repository -y ppa:x2go/stable
 apt-get update
 apt-get install -y x2goserver x2goserver-xsession
 # set up simple firewall and simple intrusion prevention for ssh
 apt-get install -y ufw fail2ban 
 ufw allow 22
 ufw enable
 # add users and their public keys based on STDIN
 cat |\
 while read line
 do
    user=$(echo "$line" | cut -f1)
    pubkey=$(echo "$line" | cut -f2)
    # if the user does not exist then add the user
    users=$(cat /etc/passwd | cut -d: -f1 )
    if [[ -z $(echo "$users" | grep -E "^${user}$") ]]; then 
        useradd -m -U $user
        echo -e "${user}\n${user}" | passwd $user
    fi
        ssh=/home/$user/.ssh
        mkdir $ssh 2>/dev/null
        # append pubkey to authorized_keys rather than overwrite
        authorized_keys=$ssh/authorized_keys
        touch $authorized_keys
        echo "$pubkey" >> $authorized_keys
        # clean up duplicate pubkeys
        cat $authorized_keys | uniq > /tmp/authorized_keys
        mv /tmp/authorized_keys $authorized_keys
        # set ownership and permissions to allow ssh
        chown -R ${user}:${user} $ssh
        chmod 700 $ssh
        chmod 600 $authorized_keys
 done
	#!/bin/bash

	# bootstrap a vagrant ubuntu guest to have the following:
	# openssh server
	# x2go server
	# ufw
	# fail2ban
	# user args: STDIN is TSV of "username\tpubkey", one per line
	# NB:
	# run as root
	# user passwords will be same as usernames and only key authentication is allowed for ssh
	# users are not in group sudo
	# if user already exists then skip their setup except to append pubkey (assumes users have home dirs under /home)
	# TODO: automount samba share
	# example use: cat users.tsv \| sudo ./bootstrap.sh

	# prereq for add-apt-repository
	apt-get update
	apt-get install -y software-properties-common
	# set up openssh server and only allow public key access
	apt-get install -y openssh-server
	password_check=$(grep -E "^PasswordAuthentication\s*no" /etc/ssh/sshd_config)
	if [[ -z "$password_check" ]]; then
	echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
	fi
	service ssh restart
	# set up x2go server for efficient X11 forwarding
	add-apt-repository -y ppa:x2go/stable
	apt-get update
	apt-get install -y x2goserver x2goserver-xsession
	# set up simple firewall and simple intrusion prevention for ssh
	apt-get install -y ufw fail2ban
	ufw allow 22
	ufw enable
	# add users and their public keys based on STDIN
	cat \|\
	while read line
	do
	user=$(echo "$line" \| cut -f1)
	pubkey=$(echo "$line" \| cut -f2)
	# if the user does not exist then add the user
	users=$(cat /etc/passwd \| cut -d: -f1 )
	if [[ -z $(echo "$users" \| grep -E "^${user}$") ]]; then
	useradd -m -U $user
	echo -e "${user}\n${user}" \| passwd $user
	fi
	ssh=/home/$user/.ssh
	mkdir $ssh 2>/dev/null
	# append pubkey to authorized_keys rather than overwrite
	authorized_keys=$ssh/authorized_keys
	touch $authorized_keys
	echo "$pubkey" >> $authorized_keys
	# clean up duplicate pubkeys
	cat $authorized_keys \| uniq > /tmp/authorized_keys
	mv /tmp/authorized_keys $authorized_keys
	# set ownership and permissions to allow ssh
	chown -R ${user}:${user} $ssh
	chmod 700 $ssh
	chmod 600 $authorized_keys
	done