
I'm working on a script that creates a user and adds a key for that user so he can use that key with his username to SSH into my VM.

Ex. user = john

useradd -m john &&
cd ~/.ssh/ && 
rm -rf tmp_rsa* &&
ssh-keygen -t rsa -b 4096 -C "john@email.com" -N '' -f john_rsa &&
echo "#tmp_rsa" >> authorized_keys &&
cat john_rsa.pub >> authorized_keys &&
cat authorized_keys &&
service ssh restart &&
echo ">>> Done"

Is the above script correct to achieve what I want?

I tried to connect with UN: john, and the key generated, john_rsa.

I got

[screenshot of the error output]


Thanks to @marosg and @Takkat

Here is my updated script

adduser -m john &&
cd ~/.ssh/ && 
rm -rf tmp_rsa* &&
ssh-keygen -t rsa -b 4096 -C "john@email.com" -N '' -f john_rsa &&
echo "#tmp_rsa" >> ~john/.ssh/authorized_keys &&
cat john_rsa.pub >> ~john/.ssh/authorized_keys &&
cat authorized_keys &&
echo ">>> Done"
code-8

2 Answers


There are a couple of things wrong here:

  • you create user john and then do nothing more with that user

  • you are adding keys to YOUR user

  • the remote user who needs to log in here needs the private key of the SSH keypair on the machine from which he is connecting

  • there is no need to restart the ssh service after adding keys

What you need on the client side:

  • the user generates an SSH keypair and provides you the public key of this keypair (ssh-keygen ...; cat id_rsa.pub)

What you need on the server side:

  • add user john

  • add the public key provided by the user to ~john/.ssh/authorized_keys (echo id_rsa.pub_provided_by_remote_user >> ~john/.ssh/authorized_keys)

marosg
  • I want to do the whole thing in 1 script; can you help me adjust what I got? I can update what I got now based on your suggestion and update my post. Is it ok? – code-8 Jan 23 '19 at 19:44
  • What do you think of my updated script? – code-8 Jan 23 '19 at 19:47
  • If you and that other user are two different humans, it is not possible to do this in one script securely. 1. User John creates a keypair on his machine; there is a private key, which is secret and which he keeps on his machine. There is a public key, which he sends you as text. 2. On the server you create user john and then put that public key in his ~john/.ssh/authorized_keys. Above you use `cd ~/.ssh/`, which means you are working in YOUR .ssh directory; you need to use ~john/.ssh – marosg Jan 24 '19 at 06:19
  • If user John has a Launchpad account then you can use ssh-import and he does not need to send you his public key, but I think this would be too complicated for your setup. – marosg Jan 24 '19 at 06:23
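The server-side step this answer describes (take the public key the user hands you, put it in ~john/.ssh/authorized_keys), as an added example that is not part of the original answer or the asker's scripts: a bash helper that refuses a malformed key line and installs a well-formed one with the ownership and permissions sshd's StrictModes expects, appending only if the line is not already there so the script can be re-run. The home directory is passed as a parameter standing in for ~john and the owner argument is optional, so it can be exercised in a scratch directory without root; the function names, the parameter layout and the sample key line below are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the question or the answers).
# install_authorized_key HOME_DIR PUBKEY_LINE [OWNER]
#   HOME_DIR stands in for ~john; OWNER is used when running as root on a real server.

# Accept only a line shaped like "<keytype> <base64 blob> [comment]".
validate_pubkey() {
    local key="$1" key_type rest blob
    key_type="${key%% *}"
    rest="${key#* }"
    blob="${rest%% *}"
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # A line with no space after the key type carries no key material at all.
    [ "$rest" != "$key" ] || return 1
    printf '%s\n' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

install_authorized_key() {
    local home_dir="$1" pubkey="$2" owner="${3:-}"
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"

    if ! validate_pubkey "$pubkey"; then
        echo "rejected malformed key line: $pubkey" >&2
        return 1
    fi

    # sshd (StrictModes yes, the default) ignores the file if .ssh or
    # authorized_keys is writable by anyone but the owner.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Append only if this exact line is not present yet, so re-running is harmless.
    if ! grep -qxF -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth"
    fi

    # StrictModes also checks ownership, so hand the files to the account when run as root.
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir"
    fi
}

# Constructed sample key line; the blob is not a real key, it only has the right shape.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVzYW1wbGVrZXlieXRlc3h4eHh4eHh4eHh4eHh4 john@laptop"
# On the real server this would be: install_authorized_key /home/john "$SAMPLE_KEY" john
```

On the real machine the call is made as root with the user's home and name, after `useradd -m john` has created the account; the key text is whatever the user pasted to you, never something generated on the server, which is the point marosg makes in the comments.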

Try this


#!/usr/bin/env bash
set -euo pipefail

DEV_GROUP="somegroup"
sudo groupadd --force "${DEV_GROUP}"

# Named add_ssh_user rather than adduser so it does not shadow the system adduser(8) command.
# Usage: add_ssh_user <username> <public key line as provided by the user>
add_ssh_user() {
    local var_user="$1"
    shift
    local var_ssh_pub_key="$*"
    # --create-home gives the .ssh directory below a parent; the wheel and docker groups must already exist
    id --user "${var_user}" &>/dev/null || sudo useradd --create-home --gid "${DEV_GROUP}" --groups wheel,docker "${var_user}"
    # sudoers.d fragments must be root-owned and not writable by others; 0440 is the conventional mode
    echo "${var_user} ALL=(ALL) NOPASSWD:ALL" | sudo tee "/etc/sudoers.d/${var_user}" >/dev/null
    sudo chmod 0440 "/etc/sudoers.d/${var_user}"
    sudo --user "${var_user}" mkdir -p "/home/${var_user}/.ssh"
    sudo --user "${var_user}" chmod 700 "/home/${var_user}/.ssh"
    # tee without -a replaces any existing authorized_keys with the single supplied key
    echo "${var_ssh_pub_key}" | sudo --user "${var_user}" tee "/home/${var_user}/.ssh/authorized_keys" >/dev/null
    sudo --user "${var_user}" chmod 600 "/home/${var_user}/.ssh/authorized_keys"
}

add_ssh_user someuser ssh-rsa AAAAB3NzaC1.... user@host
slesh