From 90f0681ea852308f71ded6983f514d7685adc837 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Fri, 19 Jun 2020 08:05:29 +0000
Subject: [PATCH] add some vps setup utils
---
adduser/README.md | 15 +++++++++++++++
adduser/install.sh | 35 +++++++++++++++++++++++++++++++++++
ssh-pubkey/README.md | 9 +++++++++
ssh-pubkey/install.sh | 25 +++++++++++++++++++++++++
ssh-setpass/README.md | 9 +++++++++
ssh-setpass/install.sh | 6 ++++++
6 files changed, 99 insertions(+)
create mode 100644 adduser/README.md
create mode 100644 adduser/install.sh
create mode 100644 ssh-pubkey/README.md
create mode 100644 ssh-pubkey/install.sh
create mode 100644 ssh-setpass/README.md
create mode 100644 ssh-setpass/install.sh
diff --git a/adduser/README.md b/adduser/README.md
new file mode 100644
index 0000000..76f1543
--- /dev/null
+++ b/adduser/README.md
@@ -0,0 +1,15 @@
+---
+title: Adduser
+homepage: https://webinstall.dev/adduser
+tagline: |
+ Because friends don't let friends run as root
+linux: true
+description: |
+ Adds user `bob` with the same **`~/.ssh/authorized_keys`** as the root user, exiting early if run by a non-root user.
+---
+
+Check that `bob` exists
+
+```bash
+ls /home/
+```
diff --git a/adduser/install.sh b/adduser/install.sh
new file mode 100644
index 0000000..9b40446
--- /dev/null
+++ b/adduser/install.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+set -u
+
+# TODO: a more complete VPS setup
+
+# TODO would $EUID be better?
+if [ "root" != "$(whoami)" ]; then
+ echo "webi adduser: running user is already a non-root user"
+ exit 0
+fi
+
+#apt-get -y update
+#apt-get -y install curl wget rsync git
+
+# Add User
+adduser --disabled-password --gecos "" bob
+my_password=$(openssl rand -hex 16)
+printf "$my_password"'\n'"$my_password" | passwd bob
+adduser bob sudo
+echo "bob ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bob
+sudo -i -u bob bash -c 'ssh-keygen -b 2048 -t rsa -f /home/bob/.ssh/id_rsa -q -N ""'
+mkdir -p /home/bob/.ssh/
+cp -r $HOME/.ssh/authorized_keys /home/bob/.ssh/
+chmod 0600 bob:bob /home/bob/.ssh/authorized_keys
+chown -R bob:bob /home/bob/.ssh/
+
+# Install webi for the new user
+sudo -i -u bob bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \
+ || sudo -i -u bob bash -c 'wget -q -O - https://webinstall.dev/webi | bash'
+
+# TODO ensure that ssh-password login is off
+
+echo "Created user 'bob' with password '$my_password'"
diff --git a/ssh-pubkey/README.md b/ssh-pubkey/README.md
new file mode 100644
index 0000000..8514a9d
--- /dev/null
+++ b/ssh-pubkey/README.md
@@ -0,0 +1,9 @@
+---
+title: SSH Pub Key
+homepage: https://webinstall.dev/ssh-pubkey
+tagline: |
+ Get your SSH public key.
+linux: true
+description: |
+ `ssh-pubkey` will make sure you have an SSH key, and then print it to the screen and place it in `~/Downloads`
+---
diff --git a/ssh-pubkey/install.sh b/ssh-pubkey/install.sh
new file mode 100644
index 0000000..044e1e1
--- /dev/null
+++ b/ssh-pubkey/install.sh
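Review bot: In adduser/install.sh, `chmod 0600 bob:bob /home/bob/.ssh/authorized_keys` passes `bob:bob` as a file operand, so chmod will normally report a missing file and return non-zero. Under `set -e` the script then stops before `chown -R bob:bob`, the webi install and the final `echo` of the generated password. By that point the `NOPASSWD: ALL` sudoers entry is already in place, so a failed run leaves a privileged account half-configured. The line should read `chmod 0600 /home/bob/.ssh/authorized_keys`. It would also be worth giving the sudoers drop-in a restrictive mode and validating it, e.g. `chmod 0440 /etc/sudoers.d/bob` followed by `visudo -cf /etc/sudoers.d/bob`, and quoting `"$HOME"` in the `cp` line.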
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+set -u
+
+mkdir -p "$HOME/.ssh/"
+
+if [ ! -f "$HOME/.ssh/id_rsa" ]; then
+ ssh-keygen -b 2048 -t rsa -f "$HOME/.ssh/id_rsa" -q -N ""
+ echo ""
+fi
+
+if [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
+ ssh-keygen -y -f "$HOME/.ssh/id_rsa" > "$HOME/.ssh/id_rsa.pub"
+ echo ""
+fi
+
+# TODO use the comment (if any) for the name of the file
+echo ""
+echo "~/Downloads/id_rsa.$(whoami).pub":
+echo ""
+rm -f "$HOME/Downloads/id_rsa.$(whoami).pub":
+cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"
+cat "$HOME/Downloads/id_rsa.$(whoami).pub"
+echo ""
diff --git a/ssh-setpass/README.md b/ssh-setpass/README.md
new file mode 100644
index 0000000..8d3ac04
--- /dev/null
+++ b/ssh-setpass/README.md
@@ -0,0 +1,9 @@
+---
+title: SSH setpass
+homepage: https://webinstall.dev/ssh-setpass
+tagline: |
+ Set a new passphrase on your SSH Private Key.
+linux: true
+description: |
+ `ssh-setpass` will ask you for your old passphrase and then for the new one to reset it with.
+---
diff --git a/ssh-setpass/install.sh b/ssh-setpass/install.sh
new file mode 100644
index 0000000..014b68a
--- /dev/null
+++ b/ssh-setpass/install.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+set -u
+
+ssh-keygen -p -f "$HOME/.ssh/id_rsa"
--
2.25.1
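Review bot: In ssh-pubkey/install.sh, the `cp -r "$HOME/.ssh/id_rsa.pub" "$HOME/Downloads/id_rsa.$(whoami).pub"` line assumes `~/Downloads` already exists. On a host without that directory cp fails and `set -e` aborts before the key is printed, so add `mkdir -p "$HOME/Downloads"` ahead of the copy. The preceding `rm -f "$HOME/Downloads/id_rsa.$(whoami).pub":` has a stray colon outside the quotes, so it targets a different path from the one that is copied; drop the colon. The private key is also created with an empty passphrase (`-N ""`), which deserves a comment pointing users at `ssh-setpass`.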