X-Git-Url: https://plomlompom.com/repos/berlin_corona.txt?a=blobdiff_plain;f=bullseye%2Fsetup_scripts%2Finit_user_login.sh;fp=bullseye%2Fsetup_scripts%2Finit_user_login.sh;h=21a8062276707e16790d062de842f07f8f8115f5;hb=276e00b18518697f3f528d05629cfe11c5fb4afc;hp=0000000000000000000000000000000000000000;hpb=7157cf1dd764784ad5ebe0c0f2c96dd39cf10478;p=config
diff --git a/bullseye/setup_scripts/init_user_login.sh b/bullseye/setup_scripts/init_user_login.sh
new file mode 100755
index 0000000..21a8062
--- /dev/null
+++ b/bullseye/setup_scripts/init_user_login.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# This script assumes a server with key-based root access into one of
+# key-based access only to a new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# old /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, properly configured sshd_config file in reach.
+set -e
+
+# Location of an sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+config_tree_prefix="${HOME}/public_repos/config/bullseye"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# Ensure we have a server name as argument.
+if [ $# -eq 0 ]; then
+ echo "Need server as argument."
+ false
+fi
+server="$1"
+
+# So we're only asked once …
+eval $(ssh-agent)
+ssh-add
+
+# This will be used to log-in as root from plom account.
+echo 'Asking for new root password.'
+ssh root@"${server}" "passwd"
+
+# Set up plom's ~/.ssh/authorized_keys from root's.
+ssh root@"${server}" 'useradd -m plom'
+ssh root@"${server}" 'mkdir /home/plom/.ssh'
+ssh root@"${server}" 'chown plom:plom /home/plom/.ssh'
+ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/'
+ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys'
+
+# Set up SSH config and remove direct SSH login to root.
+scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart'
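Review bot: The last line deletes `/root/.ssh` and restarts sshd on the freshly copied config without first checking that the config parses or that a key login as plom works, so a bad `sshd_config` or a rejected `authorized_keys` leaves the host with no SSH access at all. Validate before the destructive step: run `ssh root@"${server}" 'sshd -t'` after the `scp`, and confirm `ssh plom@"${server}" true` succeeds before the `rm -rf /root/.ssh && service ssh restart` line. Separately, `ssh root@"${server}" "passwd"` runs without a pseudo-terminal, so the new root password is likely to be echoed on the local terminal; `ssh -t root@"${server}" passwd` avoids that. The agent started by `eval $(ssh-agent)` also outlives the script with the key still loaded; a `trap 'ssh-agent -k' EXIT` right after it would clean up.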