Basic script to seed a new user on DigitalOcean and transfer SSH keys
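#!/bin/bash
# Seed a non-root sudo user on a fresh host and give it root's SSH
# authorized_keys, then restrict root SSH logins to key-based auth.
# Intended to run once, as root, during first boot.
set -euo pipefail

USERNAME=ubuntu # TODO: Customize the sudo non-root username here
readonly ROOT_KEYS=/root/.ssh/authorized_keys
readonly SSHD_CONFIG=/etc/ssh/sshd_config

# Check the key source before changing anything. Without this, a missing
# file aborts the script (set -e) only after the account below has been
# created with an empty password and sudo membership but no SSH keys.
if [[ ! -s "${ROOT_KEYS}" ]]; then
  printf 'error: %s is missing or empty; not creating %s\n' \
    "${ROOT_KEYS}" "${USERNAME}" >&2
  exit 1
fi

# Create user and immediately expire password to force a change on login.
# NOTE: between `passwd --delete` and the first login the account has an
# empty password. This depends on sshd refusing empty passwords
# (PermitEmptyPasswords defaults to "no") and on console access being
# controlled; whoever logs in first with the copied key sets the password.
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"
passwd --delete "${USERNAME}"
chage --lastday 0 "${USERNAME}"

# Resolve the home directory from the account database instead of
# `eval echo ~user`, so the username is never re-parsed as shell code.
home_directory="$(getent passwd "${USERNAME}" | cut --delimiter=: --fields=6)"
if [[ -z "${home_directory}" ]]; then
  printf 'error: could not resolve home directory for %s\n' "${USERNAME}" >&2
  exit 1
fi

# Create SSH directory for sudo user and copy keys over. `install` sets
# mode and ownership as the files are created, so the key file never
# exists with looser permissions or root ownership in the user's home.
install --directory --mode=0700 \
  --owner="${USERNAME}" --group="${USERNAME}" \
  "${home_directory}/.ssh"
install --mode=0600 \
  --owner="${USERNAME}" --group="${USERNAME}" \
  "${ROOT_KEYS}" "${home_directory}/.ssh/authorized_keys"

# Disable root SSH login with password.
# The sed only rewrites an existing, uncommented PermitRootLogin line; if
# the directive is absent or commented out, nothing changes, so say so.
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' "${SSHD_CONFIG}"
if ! grep --quiet '^PermitRootLogin' "${SSHD_CONFIG}"; then
  printf 'warning: no active PermitRootLogin line in %s; root login policy unchanged (check the effective value with: sshd -T)\n' \
    "${SSHD_CONFIG}" >&2
fi

# Restart only when the config parses; otherwise fail loudly rather than
# exiting 0 with sshd still running the old policy.
if sshd -t -q; then
  systemctl restart sshd
else
  printf 'error: %s failed validation (sshd -t); sshd not restarted\n' \
    "${SSHD_CONFIG}" >&2
  exit 1
fi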