jsianes · August 29, 2015 14:06
diff --git a/keypair.sh b/keypair.sh
 #!/bin/bash
 #
 # Developed by: Javier Sianes - [email protected]
 #

 BITS="4096"

 username(){
  USERNAME=`echo ${USERNAME} | tr '[:upper:]' '[:lower:]' | sed 's/ /_/g'`

  id ${USERNAME} >/dev/null 2>&1
  
  if [ $? -eq 0 ]
  then
    echo "--- error: \"${USERNAME}\" username exists"
    exit 2
  fi
 }

 usage(){
  echo ""
  echo "Usage: $0 [-r | -p] username"
  echo ""
  echo "  Without options, add a new username and generate a new keypair for this username"
  echo "  -r : Reset keypair for an existing username"
  echo "  -p : Reset ownership and permissions associated to keypair"
  echo ""
  exit 1
 }

 verify_sudo(){
  sudo ls / >/dev/null 2>&1

  if [ $? -ne 0 ]
  then
    echo "--- error: \"$(whoami)\" username is unable to run sudo commands"
    exit 3
  fi
 }

 add_user(){
  verify_sudo
  username
  echo "--- adding user \"${USERNAME}\" ..."
  sudo useradd -d /home/${USERNAME} -c "${USERNAME}" -s /bin/bash -m ${USERNAME} >/dev/null 2>&1
  
  if [ $? -eq 0 ]
  then
    echo -n "--- user added: "
    id ${USERNAME}
    echo "--- generating keypair..."
    sudo rm -f /home/${USERNAME}/${USERNAME}.pem /home/${USERNAME}/${USERNAME}.pem.pub >/dev/null 2>&1
    sudo ssh-keygen -b ${BITS} -f /home/${USERNAME}/${USERNAME}.pem -t rsa -N '' >/dev/null 2>&1
    if [ $? -eq 0 ]
    then
      if [ -d /home/${USERNAME} ] 
      then
        sudo mkdir /home/${USERNAME}/.ssh >/dev/null 2>&1
        sudo mv -f /home/${USERNAME}/${USERNAME}.pem.pub /home/${USERNAME}/.ssh/authorized_keys >/dev/null 2>&1
        if [ $? -eq 0 ]
        then
          sudo chmod 700 /home/${USERNAME}/.ssh >/dev/null 2>&1
          sudo chmod 600 /home/${USERNAME}/.ssh/authorized_keys >/dev/null 2>&1
          sudo chown -R ${USERNAME}: /home/${USERNAME} >/dev/null 2>&1
          echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: /home/${USERNAME}/${USERNAME}.pem"
        else
          echo "--- error: unable to configure new keypair"
          exit 252
        fi
      else
        echo "--- error: unable to configure new keypair"
        exit 253
      fi
    else
      echo "--- error: unable to generate a new keypair"
      exit 254
    fi
  else
    echo "--- error: unable to add \"${USERNAME}\" username"
    exit 255
  fi
 }

 reset_permissions(){
  verify_sudo
  id ${USERNAME} >/dev/null 2>&1
  if [ $? -eq 0 ]
  then
    HOMEDIRECTORY=`sudo cat /etc/passwd | grep "^${USERNAME}:" | cut -d : -f 6`
    if [ -d ${HOMEDIRECTORY} ]
    then
      sudo chmod 700 ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
      sudo chmod 600 ${HOMEDIRECTORY}/.ssh/authorized_keys ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
      sudo chown ${USERNAME}: ${HOMEDIRECTORY} ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
      sudo chown -R ${USERNAME}: ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
      echo "--- keypair ownership and permissions for \"${USERNAME}\" username with home directory ${HOMEDIRECTORY} repaired"
    else
      echo "--- error: unable to find home directory (${HOMEDIRECTORY}) associated to \"${USERNAME}\" username"
      exit 246
    fi
  else
    echo "--- error: \"${USERNAME}\" username doesn't exists"
    exit 247
  fi
 }

 reset_keypair(){
  verify_sudo
  id ${USERNAME} >/dev/null 2>&1
  if [ $? -eq 0 ]
  then
    HOMEDIRECTORY=`sudo cat /etc/passwd | grep "^${USERNAME}:" | cut -d : -f 6`
    sudo rm -f ${HOMEDIRECTORY}/${USERNAME}.pem ${HOMEDIRECTORY}/${USERNAME}.pem.pub >/dev/null 2>&1
    sudo ssh-keygen -b ${BITS} -f ${HOMEDIRECTORY}/${USERNAME}.pem -t rsa -N '' >/dev/null 2>&1
    if [ $? -eq 0 ]
    then
      if [ -d ${HOMEDIRECTORY} ]
      then
        sudo mkdir ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
        sudo mv -f ${HOMEDIRECTORY}/${USERNAME}.pem.pub ${HOMEDIRECTORY}/.ssh/authorized_keys >/dev/null 2>&1
        if [ $? -eq 0 ]
        then
          sudo chmod 700 ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
          sudo chmod 600 ${HOMEDIRECTORY}/.ssh/authorized_keys ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
          sudo chown ${USERNAME}: ${HOMEDIRECTORY} ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
          sudo chown -R ${USERNAME}: ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
          echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: ${HOMEDIRECTORY}/${USERNAME}.pem"
        else
          echo "--- error: unable to configure new keypair"
          exit 251
        fi
      else
        echo "--- error: unable to configure new keypair"
        exit 250
      fi
    else
      echo "--- error: unable to find home directory (${HOMEDIRECTORY}) associated to \"${USERNAME}\" username"
      exit 249
    fi
  else
    echo "--- error: \"${USERNAME}\" username doesn't exists"
    exit 248
  fi
 }

 case "$#" in
  1)
        USERNAME="$1"; add_user
        ;;
  2)
        if [ "$1" = "-r" ]; then USERNAME="$2"; reset_keypair; fi
        if [ "$1" = "-p" ]; then USERNAME="$2"; reset_permissions; fi
        ;;
  *)
        usage
        ;;
 esac
	#!/bin/bash
	#
	# Developed by: Javier Sianes - [email protected]
	#

	BITS="4096"

	username(){
	USERNAME=`echo ${USERNAME} \| tr '[:upper:]' '[:lower:]' \| sed 's/ /_/g'`

	id ${USERNAME} >/dev/null 2>&1

	if [ $? -eq 0 ]
	then
	echo "--- error: \"${USERNAME}\" username exists"
	exit 2
	fi
	}

	usage(){
	echo ""
	echo "Usage: $0 [-r \| -p] username"
	echo ""
	echo " Without options, add a new username and generate a new keypair for this username"
	echo " -r : Reset keypair for an existing username"
	echo " -p : Reset ownership and permissions associated to keypair"
	echo ""
	exit 1
	}

	verify_sudo(){
	sudo ls / >/dev/null 2>&1

	if [ $? -ne 0 ]
	then
	echo "--- error: \"$(whoami)\" username is unable to run sudo commands"
	exit 3
	fi
	}

	add_user(){
	verify_sudo
	username
	echo "--- adding user \"${USERNAME}\" ..."
	sudo useradd -d /home/${USERNAME} -c "${USERNAME}" -s /bin/bash -m ${USERNAME} >/dev/null 2>&1

	if [ $? -eq 0 ]
	then
	echo -n "--- user added: "
	id ${USERNAME}
	echo "--- generating keypair..."
	sudo rm -f /home/${USERNAME}/${USERNAME}.pem /home/${USERNAME}/${USERNAME}.pem.pub >/dev/null 2>&1
	sudo ssh-keygen -b ${BITS} -f /home/${USERNAME}/${USERNAME}.pem -t rsa -N '' >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	if [ -d /home/${USERNAME} ]
	then
	sudo mkdir /home/${USERNAME}/.ssh >/dev/null 2>&1
	sudo mv -f /home/${USERNAME}/${USERNAME}.pem.pub /home/${USERNAME}/.ssh/authorized_keys >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	sudo chmod 700 /home/${USERNAME}/.ssh >/dev/null 2>&1
	sudo chmod 600 /home/${USERNAME}/.ssh/authorized_keys >/dev/null 2>&1
	sudo chown -R ${USERNAME}: /home/${USERNAME} >/dev/null 2>&1
	echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: /home/${USERNAME}/${USERNAME}.pem"
	else
	echo "--- error: unable to configure new keypair"
	exit 252
	fi
	else
	echo "--- error: unable to configure new keypair"
	exit 253
	fi
	else
	echo "--- error: unable to generate a new keypair"
	exit 254
	fi
	else
	echo "--- error: unable to add \"${USERNAME}\" username"
	exit 255
	fi
	}

	reset_permissions(){
	verify_sudo
	id ${USERNAME} >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	HOMEDIRECTORY=`sudo cat /etc/passwd \| grep "^${USERNAME}:" \| cut -d : -f 6`
	if [ -d ${HOMEDIRECTORY} ]
	then
	sudo chmod 700 ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
	sudo chmod 600 ${HOMEDIRECTORY}/.ssh/authorized_keys ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
	sudo chown ${USERNAME}: ${HOMEDIRECTORY} ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
	sudo chown -R ${USERNAME}: ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
	echo "--- keypair ownership and permissions for \"${USERNAME}\" username with home directory ${HOMEDIRECTORY} repaired"
	else
	echo "--- error: unable to find home directory (${HOMEDIRECTORY}) associated to \"${USERNAME}\" username"
	exit 246
	fi
	else
	echo "--- error: \"${USERNAME}\" username doesn't exists"
	exit 247
	fi
	}

	reset_keypair(){
	verify_sudo
	id ${USERNAME} >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	HOMEDIRECTORY=`sudo cat /etc/passwd \| grep "^${USERNAME}:" \| cut -d : -f 6`
	sudo rm -f ${HOMEDIRECTORY}/${USERNAME}.pem ${HOMEDIRECTORY}/${USERNAME}.pem.pub >/dev/null 2>&1
	sudo ssh-keygen -b ${BITS} -f ${HOMEDIRECTORY}/${USERNAME}.pem -t rsa -N '' >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	if [ -d ${HOMEDIRECTORY} ]
	then
	sudo mkdir ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
	sudo mv -f ${HOMEDIRECTORY}/${USERNAME}.pem.pub ${HOMEDIRECTORY}/.ssh/authorized_keys >/dev/null 2>&1
	if [ $? -eq 0 ]
	then
	sudo chmod 700 ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
	sudo chmod 600 ${HOMEDIRECTORY}/.ssh/authorized_keys ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
	sudo chown ${USERNAME}: ${HOMEDIRECTORY} ${HOMEDIRECTORY}/${USERNAME}.pem >/dev/null 2>&1
	sudo chown -R ${USERNAME}: ${HOMEDIRECTORY}/.ssh >/dev/null 2>&1
	echo "--- keypair generated and configured. New private key for \"${USERNAME}\" username: ${HOMEDIRECTORY}/${USERNAME}.pem"
	else
	echo "--- error: unable to configure new keypair"
	exit 251
	fi
	else
	echo "--- error: unable to configure new keypair"
	exit 250
	fi
	else
	echo "--- error: unable to find home directory (${HOMEDIRECTORY}) associated to \"${USERNAME}\" username"
	exit 249
	fi
	else
	echo "--- error: \"${USERNAME}\" username doesn't exists"
	exit 248
	fi
	}

	case "$#" in
	1)
	USERNAME="$1"; add_user
	;;
	2)
	if [ "$1" = "-r" ]; then USERNAME="$2"; reset_keypair; fi
	if [ "$1" = "-p" ]; then USERNAME="$2"; reset_permissions; fi
	;;
	*)
	usage
	;;
	esac