Bash script to harden SSH on a new Debian/Ubuntu install
#!/bin/bash
# Defaults for the options parsed below: the remote account to create, the
# key handed to ssh-copy-id, and whether confirm_step prompts are
# auto-accepted (--force).
USER_TO_CREATE="$(whoami)"
IDENTITY_FILE="${HOME}/.ssh/id_rsa"
FORCE=false
#######################################
# Print the command-line synopsis and exit.
# Globals:   none ($0 supplies the script name)
# Outputs:   the usage line on stdout
# Returns:   does not return; exits with status 1
#######################################
usage() {
  printf '%s\n' "Usage: $0 [-u|--user <username>] [-I|--identity <identity_file>] [--force] <hostname_or_ip>"
  exit 1
}
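#######################################
# Ask the operator whether a step should run.
# Globals:   FORCE (read) - when "true" every step is accepted without asking
# Arguments: $1 - prompt text; "[y/n/c]: " is appended
# Returns:   0 to run the step, 1 to skip it. Exits the whole script on 'c'
#            (status 0) and when stdin is exhausted (status 1): an EOF used
#            to leave the answer empty and re-print "Invalid input" forever.
#######################################
confirm_step() {
  local prompt="$1"
  local choice
  if [[ "$FORCE" == true ]]; then
    return 0
  fi
  while true; do
    # read fails on EOF; a final line without a newline still fills choice.
    read -r -p "$prompt [y/n/c]: " choice || [[ -n "$choice" ]] || {
      echo "No input available; canceling."
      exit 1
    }
    case "$choice" in
      y|Y) return 0 ;;
      n|N) return 1 ;;
      c|C) echo "Script canceled."; exit 0 ;;
      *) echo "Invalid input, please enter 'y' to proceed, 'n' to skip, or 'c' to cancel." ;;
    esac
  done
}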
# Every remote step goes through sshpass, so fail fast when it is missing.
command -v sshpass >/dev/null 2>&1 || {
  echo "Error: sshpass is not installed. Please install sshpass and run the script again."
  exit 1
}
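# Parse arguments. Options may appear in any order; the one non-option
# argument is the target host. Previously an option given without its value
# ran `shift 2` past the end of the list and an unknown option such as "-x"
# was silently taken as the hostname; both now end in usage().
while [[ "$#" -gt 0 ]]; do
  case "$1" in
    -u|--user)
      [[ "$#" -ge 2 ]] || { echo "Error: $1 requires a username."; usage; }
      USER_TO_CREATE="$2"
      shift 2 ;;
    -I|--identity)
      [[ "$#" -ge 2 ]] || { echo "Error: $1 requires a path."; usage; }
      IDENTITY_FILE="$2"
      shift 2 ;;
    --force)
      FORCE=true
      shift ;;
    -h|--help)
      usage ;;
    -*)
      echo "Error: unknown option '$1'."
      usage ;;
    *)
      HOST="$1"
      shift ;;
  esac
done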
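# A target host is mandatory.
if [[ -z "${HOST:-}" ]]; then
  usage
fi
# Prompt for the root password. -s keeps it off the terminal; -r is needed so
# that a backslash inside the password is not consumed by read.
read -r -s -p "Enter root password for $HOST: " ROOT_PASS
echo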
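# Step 1: make sure sudo exists on the host; every later step relies on it.
# The password reaches sshpass through the SSHPASS environment variable (-e)
# instead of -p so it is not visible in the local process list. The quoted
# 'EOF' keeps all expansion on the remote side. ssh's -t is dropped: with a
# heredoc on stdin it only produced a "Pseudo-terminal will not be allocated"
# warning. The remote exit status is now checked instead of being ignored.
if confirm_step "Check and install sudo if needed on $HOST?"; then
  SSHPASS="$ROOT_PASS" sshpass -e ssh root@"$HOST" << 'EOF'
if command -v sudo >/dev/null 2>&1; then
  echo "Sudo is already installed."
  exit 0
fi
# apt-get is the only package manager this script knows how to drive.
if ! command -v apt-get >/dev/null 2>&1; then
  echo "This script requires 'apt' to be present for sudo installation. Exiting."
  exit 1
fi
echo "Sudo not found. Installing sudo..."
# noninteractive: there is no terminal for debconf to ask questions on.
if DEBIAN_FRONTEND=noninteractive apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y sudo; then
  echo "Sudo installed successfully."
else
  echo "Failed to install sudo. Exiting."
  exit 1
fi
EOF
  [[ $? -eq 0 ]] || { echo "Error: sudo check/installation on $HOST failed."; exit 1; }
else
  # Skipping is fatal on purpose: steps 3 and 5 need sudo on the host.
  echo "Skipping sudo check and installation."
  exit 1
fi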
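# Step 2: create the user. The heredoc is unquoted so local values reach the
# remote shell; they are run through printf %q first, so a username or
# password containing quotes, spaces, $ or backticks can neither break the
# remote command nor be executed by it (the remote login shell is assumed to
# be bash, which understands the %q form; Debian/Ubuntu root uses bash).
if confirm_step "Create user $USER_TO_CREATE on $HOST?"; then
  user_q=$(printf '%q' "$USER_TO_CREATE")
  pass_q=$(printf '%q' "$ROOT_PASS")
  SSHPASS="$ROOT_PASS" sshpass -e ssh root@"$HOST" << EOF
if ! id -u $user_q >/dev/null 2>&1; then
  printf 'Creating user %s...\n' $user_q
  useradd -m -s /bin/bash $user_q
  # The new account gets the same password as root (existing behaviour);
  # change it once key-based login has been confirmed.
  printf '%s:%s\n' $user_q $pass_q | chpasswd
  printf 'User %s created with home directory.\n' $user_q
else
  printf 'User %s already exists.\n' $user_q
fi
EOF
  [[ $? -eq 0 ]] || { echo "Error: user creation on $HOST failed."; exit 1; }
else
  echo "Skipping user creation."
fi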
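# Step 3: add the user to the sudo group. The username is %q-quoted before it
# is spliced into the unquoted heredoc, and the success message is only
# printed when usermod actually succeeded (it used to print unconditionally).
if confirm_step "Add user $USER_TO_CREATE to sudo group on $HOST?"; then
  user_q=$(printf '%q' "$USER_TO_CREATE")
  SSHPASS="$ROOT_PASS" sshpass -e ssh root@"$HOST" << EOF
usermod -aG sudo $user_q && printf '%s added to sudo group.\n' $user_q
EOF
  [[ $? -eq 0 ]] || { echo "Error: could not add $USER_TO_CREATE to the sudo group on $HOST."; exit 1; }
else
  echo "Skipping adding user to sudo group."
fi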
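# Step 4: install the public key for the new user. A missing identity file
# or a failed ssh-copy-id is fatal here, because step 6 disables password
# login and would otherwise lock the operator out of the host.
if confirm_step "Copy SSH key to the new user ($USER_TO_CREATE)?"; then
  # ssh-copy-id accepts either the private key path or the .pub file.
  if [[ ! -r "$IDENTITY_FILE" && ! -r "$IDENTITY_FILE.pub" ]]; then
    echo "Error: identity file '$IDENTITY_FILE' (or its .pub) not found."
    exit 1
  fi
  if SSHPASS="$ROOT_PASS" sshpass -e ssh-copy-id -i "$IDENTITY_FILE" "$USER_TO_CREATE@$HOST"; then
    echo "SSH key copied successfully."
  else
    echo "Error: ssh-copy-id failed; not continuing, as later steps would disable password login."
    exit 1
  fi
else
  echo "Skipping SSH key copy."
fi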
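# Step 5: confirm the new account can log in and use sudo. The password is
# fed to `sudo -S` over stdin rather than spliced into the remote command
# line, so it is not exposed in the remote process list and a quote in it
# cannot break the command. The pass/fail message is printed locally.
if confirm_step "Test SSH login and sudo for $USER_TO_CREATE?"; then
  if printf '%s\n' "$ROOT_PASS" | SSHPASS="$ROOT_PASS" sshpass -e ssh "$USER_TO_CREATE@$HOST" 'sudo -S -l'; then
    echo "Sudo test passed!"
  else
    echo "Sudo test failed!"
  fi
else
  echo "Skipping SSH login and sudo test."
fi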
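# Step 6: disable root login and password authentication. This is the step
# that can lock you out, so the remote script backs up first, validates the
# result with `sshd -t`, and restores the backup instead of restarting on an
# invalid config. sshd uses the first value it sees for a keyword, and the
# stock config on recent Debian/Ubuntu includes sshd_config.d/*.conf (in name
# order) ahead of its own directives -- cloud images ship a 50-*.conf that
# re-enables PasswordAuthentication, which the old sed on the main file never
# overrode. A 00-*.conf drop-in is written where that Include exists; the
# main file is still edited (or the directive appended if absent) for hosts
# without it. The quoted 'EOF' means nothing is expanded locally.
if confirm_step "WARNING: Disabling root login and password authentication will prevent future root login via SSH. Proceed with updating SSH config on $HOST?"; then
  SSHPASS="$ROOT_PASS" sshpass -e ssh root@"$HOST" << 'EOF'
set -e
SSH_CONFIG_FILE="/etc/ssh/sshd_config"
DROPIN_DIR="/etc/ssh/sshd_config.d"
DROPIN_FILE="$DROPIN_DIR/00-harden.conf"
echo "Backing up current SSH config..."
cp -- "$SSH_CONFIG_FILE" "$SSH_CONFIG_FILE.bak"
echo "SSH config backed up to $SSH_CONFIG_FILE.bak."
echo "Disabling root login and password authentication in SSH config..."
if [ -d "$DROPIN_DIR" ] \
  && grep -Eq '^[[:space:]]*Include[[:space:]]+/etc/ssh/sshd_config\.d/' "$SSH_CONFIG_FILE"; then
  printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$DROPIN_FILE"
fi
for directive in 'PermitRootLogin no' 'PasswordAuthentication no'; do
  key=${directive%% *}
  if grep -Eq "^#*[[:space:]]*$key" "$SSH_CONFIG_FILE"; then
    sed -i "s/^#*[[:space:]]*$key.*/$directive/" "$SSH_CONFIG_FILE"
  else
    printf '%s\n' "$directive" >> "$SSH_CONFIG_FILE"
  fi
done
echo "Validating the new SSH config..."
if ! /usr/sbin/sshd -t; then
  echo "New SSH config is invalid; restoring the backup and leaving the service untouched."
  cp -- "$SSH_CONFIG_FILE.bak" "$SSH_CONFIG_FILE"
  rm -f -- "$DROPIN_FILE"
  exit 1
fi
echo "Root login and password authentication disabled."
echo "Restarting SSH service..."
# The unit is named ssh on Debian/Ubuntu (sshd is only an alias).
if command -v systemctl >/dev/null 2>&1; then
  systemctl restart ssh && echo "SSH service restarted successfully."
else
  service ssh restart && echo "SSH service restarted successfully."
fi
EOF
  [[ $? -eq 0 ]] || { echo "Error: SSH hardening on $HOST failed; see the messages above."; exit 1; }
else
  echo "Skipping SSH config modification."
fi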
# Final status line for the operator.
printf 'Setup complete. You can now log in as %s using SSH key-based authentication.\n' "$USER_TO_CREATE"