From: AJ ONeal
Date: Thu, 25 Jun 2020 02:41:37 +0000 (+0000)
Subject: consolidate ssh utils
X-Git-Url: https://git.josue.xyz/?a=commitdiff_plain;h=bd7e09df58fe2012813f60d299c33690aaab4eea;p=webi-installers%2F.git
consolidate ssh utils
---
diff --git a/ssh-adduser/install.sh b/ssh-adduser/install.sh
deleted file mode 100644
index 6400a0c..0000000
--- a/ssh-adduser/install.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-# TODO: a more complete VPS setup
-
-# TODO would $EUID be better?
-if [ "root" != "$(whoami)" ]; then
- echo "webi adduser: running user is already a non-root user"
- exit 0
-fi
-
-#apt-get -y update
-#apt-get -y install curl wget rsync git
-
-# Add User
-# TODO: might there be a better name?
-# me, this, user, self, person, i, who, do, tron
-adduser --disabled-password --gecos "" me
-my_password=$(openssl rand -hex 16)
-printf "$my_password"'\n'"$my_password" | passwd me
-adduser me sudo
-echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me
-sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""'
-mkdir -p /home/me/.ssh/
-cp -r $HOME/.ssh/authorized_keys /home/me/.ssh/
-chmod 0600 me:me /home/me/.ssh/authorized_keys
-chown -R me:me /home/me/.ssh/
-
-# Install webi for the new user
-sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \
- || sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash'
-
-# TODO ensure that ssh-password login is off
-
-echo "Created user 'me' with password '$my_password'"
diff --git a/ssh-pubkey/install.sh b/ssh-pubkey/install.sh
deleted file mode 100644
index 044e1e1..0000000
--- a/ssh-pubkey/install.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-mkdir -p "$HOME/.ssh/"
-
-if [ ! -f "$HOME/.ssh/id_rsa" ]; then
- ssh-keygen -b 2048 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
- echo ""
-fi
-
-if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
- ssh-keygen -y -f "$HOME/.ssh/id_rsa" > "$HOME/.ssh/id_rsa.pub"
- echo ""
-fi
-
-# TODO use the comment (if any) for the name of the file
-echo ""
-echo "~/Downloads/id_rsa.$(whoami).pub":
-echo ""
-rm -f "$HOME/Downloads/id_rsa.$(whoami).pub":
-cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"
-cat "$HOME/Downloads/id_rsa.$(whoami).pub"
-echo ""
diff --git a/ssh-setpass/install.sh b/ssh-setpass/install.sh
deleted file mode 100644
index 014b68a..0000000
--- a/ssh-setpass/install.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-ssh-keygen -p -f "$HOME/.ssh/id_rsa"
diff --git a/ssh-utils/README.md b/ssh-utils/README.md
new file mode 100644
index 0000000..2a0d20c
--- /dev/null
+++ b/ssh-utils/README.md
@@ -0,0 +1,35 @@
+---
+title: SSH Utils
+homepage: https://webinstall.dev/ssh-utils
+tagline: |
+ SSH Utils: Because --help takes to long.
+description: |
+ SSH Utils includes shortcut commands for some common tasks, including `ssh-pubkey`, `ssh-setpass`, and `ssh-adduser`
+---
+
+**ssh-pubkey**:
+
+`ssh-pubkey` will make sure you have an SSH key, and then print it to the screen
+and place it in `~/Downloads`.
+
+```bash
+ssh-pubkey
+```
+
+```txt
+~/Downloads/id_rsa.johndoe.pub:
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTOhRnzDJNBNBXVCgkxkEaDM4IAp81MtE8fuqeQuFvq5gYLWoZND39N++bUvjMRCveWzZlQNxcLjXHlZA3mGj1b9aMImrvyoq8FJepe+RLEuptJe3md4EtTXo8VJuMXV0lJCcd9ct+eqJ0jH0ww4FDJXWMaFbiVwJBO0IaYevlwcf0QwH12FCARZUSwXfsIeCZNGxOPamIUCXumpQiAjTLGHFIDyWwLDCNPi8GyB3VmqsTNEvO/H8yY4VI7l9hpztE5W6LmGUfTMZrnsELryP5oRlo8W5oVFFS85Lb8bVfn43deGdlLGkwmcJuXzZfostSTHI5Mj7MWezPZyoSqFLl johndoe@MacBook-Air
+```
+
+**ssh-adduser**:
+
+Many modern web programs (`npm` and `postgres`, for example) will not function
+correctly if run as root. `ssh-adduser` adds user `me` with the same
+**`~/.ssh/authorized_keys`** as the `root` user, with a long random password,
+and gives `me` `sudo` privileges.
+
+**ssh-setpass**:
+
+`ssh-setpass` will ask you for your old passphrase (if any) and then for the new
+one to reset it with.
diff --git a/ssh-utils/install.sh b/ssh-utils/install.sh
new file mode 100644
index 0000000..08b3f8a
--- /dev/null
+++ b/ssh-utils/install.sh
@@ -0,0 +1,7 @@
+{
+ rm -f "$HOME/.local/bin/ssh-pubkey" "$HOME/.local/bin/ssh-setpass" "$HOME/.local/bin/ssh-adduser"
+ webi_download "$WEBI_HOST/packages/ssh-utils/ssh-pubkey.sh" "$HOME/.local/bin/ssh-pubkey"
+ webi_download "$WEBI_HOST/packages/ssh-utils/ssh-setpass.sh" "$HOME/.local/bin/ssh-setpass"
+ webi_download "$WEBI_HOST/packages/ssh-utils/ssh-adduser.sh" "$HOME/.local/bin/ssh-adduser"
+ chmod a+x "$HOME/.local/bin/ssh-"*
+}
diff --git a/ssh-utils/ssh-adduser.sh b/ssh-utils/ssh-adduser.sh
new file mode 100644
index 0000000..6400a0c
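Review bot: In ssh-utils/install.sh, `chmod a+x "$HOME/.local/bin/ssh-"*` marks every file in `~/.local/bin` whose name starts with `ssh-` executable, not only the three scripts this installer just fetched; name them explicitly: `chmod a+x "$HOME/.local/bin/ssh-pubkey" "$HOME/.local/bin/ssh-setpass" "$HOME/.local/bin/ssh-adduser"`. The block also runs `rm -f` on the existing copies before the downloads, so if a `webi_download` call fails the previous working script is already gone; whether the caller runs this block under `set -e` is not visible here. No checksum or signature check on the downloaded scripts appears in this hunk, and `webi_download` is defined elsewhere, so confirm that it verifies integrity, since `ssh-adduser` is meant to be run as root.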
--- /dev/null
+++ b/ssh-utils/ssh-adduser.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -e
+set -u
+
+# TODO: a more complete VPS setup
+
+# TODO would $EUID be better?
+if [ "root" != "$(whoami)" ]; then
+ echo "webi adduser: running user is already a non-root user"
+ exit 0
+fi
+
+#apt-get -y update
+#apt-get -y install curl wget rsync git
+
+# Add User
+# TODO: might there be a better name?
+# me, this, user, self, person, i, who, do, tron
+adduser --disabled-password --gecos "" me
+my_password=$(openssl rand -hex 16)
+printf "$my_password"'\n'"$my_password" | passwd me
+adduser me sudo
+echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me
+sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""'
+mkdir -p /home/me/.ssh/
+cp -r $HOME/.ssh/authorized_keys /home/me/.ssh/
+chmod 0600 me:me /home/me/.ssh/authorized_keys
+chown -R me:me /home/me/.ssh/
+
+# Install webi for the new user
+sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \
+ || sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash'
+
+# TODO ensure that ssh-password login is off
+
+echo "Created user 'me' with password '$my_password'"
diff --git a/ssh-utils/ssh-pubkey.sh b/ssh-utils/ssh-pubkey.sh
new file mode 100644
index 0000000..044e1e1
--- /dev/null
+++ b/ssh-utils/ssh-pubkey.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -u
+
+mkdir -p "$HOME/.ssh/"
+
+if [ ! -f "$HOME/.ssh/id_rsa" ]; then
+ ssh-keygen -b 2048 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
+ echo ""
+fi
+
+if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
+ ssh-keygen -y -f "$HOME/.ssh/id_rsa" > "$HOME/.ssh/id_rsa.pub"
+ echo ""
+fi
+
+# TODO use the comment (if any) for the name of the file
+echo ""
+echo "~/Downloads/id_rsa.$(whoami).pub":
+echo ""
+rm -f "$HOME/Downloads/id_rsa.$(whoami).pub":
+cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"
+cat "$HOME/Downloads/id_rsa.$(whoami).pub"
+echo ""
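Review bot: In ssh-utils/ssh-adduser.sh, `chmod 0600 me:me /home/me/.ssh/authorized_keys` passes `me:me` to chmod as a file name, so chmod exits non-zero and, under `set -e`, the script stops before `chown -R me:me /home/me/.ssh/`, the webi install and the final password message; the copied `authorized_keys` is then presumably left owned by root, since the script only runs as root. Drop the stray operand: `chmod 0600 /home/me/.ssh/authorized_keys`. Separately, `/etc/sudoers.d/me` is written through `tee` with the default umask and grants `NOPASSWD: ALL`; consider creating it with mode 0440 and checking it with `visudo -cf /etc/sudoers.d/me`. The generated password is also printed to stdout while the TODO about turning off SSH password login is still open, so it can end up in terminal scrollback or session logs. The blob id (6400a0c) matches the deleted ssh-adduser/install.sh, so these issues are carried over by the move rather than introduced by it.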
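Review bot: In ssh-utils/ssh-pubkey.sh, the `rm -f "$HOME/Downloads/id_rsa.$(whoami).pub":` line has a trailing colon outside the quotes, so it targets a path ending in `.pub:` and never removes the file it is meant to; the colon looks copied from the `echo` two lines above and should go: `rm -f "$HOME/Downloads/id_rsa.$(whoami).pub"`. The script also never creates `~/Downloads`, so on a host without that directory the `cp` fails and `set -e` aborts after the key has been generated; add `mkdir -p "$HOME/Downloads"` before the copy. A comment next to `ssh-keygen ... -N ""` noting that the private key is written without a passphrase, and pointing to `ssh-setpass`, would help users who do not expect an unencrypted key on disk.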
diff --git a/ssh-utils/ssh-setpass.sh b/ssh-utils/ssh-setpass.sh
new file mode 100644
index 0000000..014b68a
--- /dev/null
+++ b/ssh-utils/ssh-setpass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+set -u
+
+ssh-keygen -p -f "$HOME/.ssh/id_rsa"