From ace876458ef3f28922da6803a22278e0c7ed17ad Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 25 Jun 2020 06:58:22 +0000 Subject: [PATCH] update info about command --- ssh-adduser/README.md | 13 +++++++------ ssh-utils/ssh-adduser.sh | 10 ++++++++-- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/ssh-adduser/README.md b/ssh-adduser/README.md index 133d22b..8a27a10 100644 --- a/ssh-adduser/README.md +++ b/ssh-adduser/README.md @@ -10,26 +10,27 @@ description: | `ssh-adduser` will 1. add the user `me` - 2. sets a random, 32-character password (as a failsafe) + 2. set a random, 32-character password (as a failsafe) 3. copy the `root` user's **`~/.ssh/authorized_keys`** (so the same users can still login) - 4. gives the `me` user `sudo` (admin) privileges - 5. allows `me` to `sudo` without a password + 4. give the `me` user `sudo` (admin) privileges + 5. allow `me` to `sudo` without a password --- How to create a new user named 'me': ```bash -# Note: --disable-password means that the user cannot yet login +# --disable-password prevents a password prompt +# --gecos "" skips the useless questions adduser --disabled-password --gecos "" me ``` How to create a and set a random password: ```bash -# store a random 16-byte password into 'my_password' +# sets 'my_password' to 32 random hex characters (16 bytes) my_password=$(openssl rand -hex 16) -# use 'my_password' to set the user 'me's password +# uses 'my_password' for to reset and confirm 'me's password printf "$my_password"'\n'"$my_password" | passwd me ``` diff --git a/ssh-utils/ssh-adduser.sh b/ssh-utils/ssh-adduser.sh index b9da2ec..e6c7112 100644 --- a/ssh-utils/ssh-adduser.sh +++ b/ssh-utils/ssh-adduser.sh 
@@ -21,16 +21,22 @@ adduser --disabled-password --gecos "" me my_password=$(openssl rand -hex 16) printf "$my_password"'\n'"$my_password" | passwd me + + # make 'me' a sudo-er (admin) adduser me sudo echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me - sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""' + + # allow users who can already login as 'root' to login as 'me' mkdir -p /home/me/.ssh/ chmod 0700 /home/me/.ssh/ cp -r "$HOME/.ssh/authorized_keys" /home/me/.ssh/ chmod 0600 /home/me/.ssh/authorized_keys chown -R me:me /home/me/.ssh/ - # Install webi for the new user + # ensure that 'me' has an SSH Keypair + sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""' + + # Install webi for the new 'me' user sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \ || sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash' -- 2.25.1
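Review bot: in the ssh-adduser/README.md hunk, the new comment `# --disable-password prevents a password prompt` names a flag that does not match the command below it, which passes `--disabled-password`; the comment should spell the flag the way the command does. The new line `# uses 'my_password' for to reset and confirm 'me's password` has a stray "for", and the unchanged heading "How to create a and set a random password" is still missing a word. The list describes the password as "a failsafe", but the lines shown never print or store `my_password`, so the README should say where the operator is expected to record it.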
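Review bot: in the ssh-utils/ssh-adduser.sh hunk, the relocated `ssh-keygen -b 2048 -t rsa ... -N ""` line is commented only as ensuring a keypair, with no mention that the key is an unencrypted 2048-bit RSA key for an account the lines above grant `NOPASSWD: ALL`; either document that choice in the comment or pick a stronger key type while the line is being moved. The new comment "allow users who can already login as 'root' to login as 'me'" is true only when `$HOME` is root's home directory at the point `cp -r "$HOME/.ssh/authorized_keys"` runs, so a check that the script is running as root and that the source file exists, placed before the copy, would make the comment hold. The README list in this patch puts the key copy before the sudo steps while the script does the sudo steps first; matching the order would keep the two in step.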