Create user and ssh key
@ -9,19 +9,27 @@
|
|||||||
|
|
||||||
# Define a directory for our jail and a user.
|
# Define a directory for our jail and a user.
|
||||||
JAIL_DIRECTORY=/BASTIONJAIL
|
JAIL_DIRECTORY=/BASTIONJAIL
|
||||||
JAIL_USER=bastionuser
|
JAIL_USER=batchtesting
|
||||||
|
JAIL_GROUP=bastionusers
|
||||||
|
JAIL_HOME=$JAIL_DIRECTORY/home/$JAIL_USER
|
||||||
|
|
||||||
|
|
||||||
|
# Run some cleanup functions.
|
||||||
|
rm -rf $JAIL_HOME
|
||||||
|
userdel $JAIL_USER
|
||||||
|
rm -rf $JAIL_DIRECTORY/etc/hosts
|
||||||
|
|
||||||
|
|
||||||
# Create the necessary directories.
|
# Create the necessary directories.
|
||||||
sudo mkdir -p $JAIL_DIRECTORY/{etc,bin,lib64,lib/x86_64-linux-gnu,dev/urandom,dev/tty}
|
mkdir -p $JAIL_DIRECTORY/{etc,bin,lib64,lib/x86_64-linux-gnu,dev/urandom,dev/tty}
|
||||||
sudo cp /bin/bash $JAIL_DIRECTORY/bin
|
cp /usr/bin/sh $JAIL_DIRECTORY/bin
|
||||||
sudo cp /bin/sleep $JAIL_DIRECTORY/bin
|
cp /bin/sleep $JAIL_DIRECTORY/bin
|
||||||
sudo cp /bin/ssh $JAIL_DIRECTORY/bin
|
cp /bin/ssh $JAIL_DIRECTORY/bin
|
||||||
sudo cp /dev/null $JAIL_DIRECTORY/dev/
|
cp /dev/null $JAIL_DIRECTORY/dev/
|
||||||
|
|
||||||
sudo chown $JAIL_USER:$JAIL_USER $JAIL_DIRECTORY/dev/null
|
|
||||||
|
|
||||||
# Link our hosts file for any network needs.
|
# Link our hosts file for any network needs.
|
||||||
sudo ln -s /etc/hosts $JAIL_DIRECTORY/etc/hosts
|
sudo cp /etc/hosts $JAIL_DIRECTORY/etc/hosts
|
||||||
|
|
||||||
|
|
||||||
Copy_Dependencies(){
|
Copy_Dependencies(){
|
||||||
@ -44,7 +52,44 @@ Copy_Dependencies "/bin/ssh"
|
|||||||
# Banner none
|
# Banner none
|
||||||
|
|
||||||
# Create special devices
|
# Create special devices
|
||||||
|
mknod -m 666 $JAIL_DIRECTORY/null c 1 3
|
||||||
|
mknod -m 666 $JAIL_DIRECTORY/zero c 1 5
|
||||||
|
chown root:root $JAIL_DIRECTORY/null $JAIL_DIRECTORY/zero
|
||||||
|
# Create our user
|
||||||
|
|
||||||
sudo mknod -m 666 $JAIL_DIRECTORY/null c 1 3
|
# Don't remove the group as it could be in use by other users.
|
||||||
sudo mknod -m 666 $JAIL_DIRECTORY/zero c 1 5
|
groupadd --force "$JAIL_GROUP"
|
||||||
sudo chown root:root $JAIL_DIRECTORY/null $JAIL_DIRECTORY/zero
|
useradd $JAIL_USER --home-dir $JAIL_HOME --create --shell /bin/sh -g $JAIL_GROUP
|
||||||
|
mkdir -p $JAIL_HOME/.ssh
|
||||||
|
|
||||||
|
chown :$JAIL_GROUP $JAIL_DIRECTORY/dev/null
|
||||||
|
|
||||||
|
# Update ssh config
|
||||||
|
cat <<EOF > "/tmp/ssh_config"
|
||||||
|
Match Group $JAIL_GROUP
|
||||||
|
ChrootDirectory $JAIL_DIRECTORY
|
||||||
|
Banner none
|
||||||
|
ClientAliveInterval 30
|
||||||
|
ClientAliveCountMax 0
|
||||||
|
EOF
|
||||||
|
|
||||||
|
mv /tmp/ssh_config /etc/ssh/sshd_config.d/00-"$JAIL_GROUP".conf
|
||||||
|
systemctl restart sshd
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
rm -rf "/tmp/$JAIL_USER/sshkey"
|
||||||
|
rm -rf $JAIL_HOME/.ssh/authorized_keys
|
||||||
|
|
||||||
|
mkdir -p "/tmp/$JAIL_USER"
|
||||||
|
ssh-keygen -b 2048 -t rsa -f "/tmp/$JAIL_USER/sshkey"
|
||||||
|
|
||||||
|
cat "/tmp/$JAIL_USER/sshkey.pub" >> $JAIL_HOME/.ssh/authorized_keys
|
||||||
|
|
||||||
|
printf "Here is the needed private key:\n%s" "$(cat /tmp/$JAIL_USER/sshkey)"
|
||||||
|
|
||||||
|
if az; then
|
||||||
|
az keyvault secret set --name BatchTestingSSHKey --vault-name EngineeringTesting --file /tmp/$JAIL_USER/sshkey
|
||||||
|
else
|
||||||
|
echo "No az cli"
|
||||||
|
fi
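Review bot: The private key is written to stdout by `printf "Here is the needed private key:\n%s" "$(cat /tmp/$JAIL_USER/sshkey)"` and staged under the predictable, shared path `/tmp/$JAIL_USER`, so it lands in any terminal or CI log and stays readable on disk after the `az keyvault secret set` upload, which the script never cleans up. Replace the staging directory with `keydir=$(mktemp -d)`, drop the printf (the vault upload is the delivery channel), and end the script with `rm -rf -- "${keydir:?}"` after the `fi`. Separately, the `mknod` lines create the devices at `$JAIL_DIRECTORY/null` and `$JAIL_DIRECTORY/zero` rather than under `$JAIL_DIRECTORY/dev`, which is where `chown :$JAIL_GROUP $JAIL_DIRECTORY/dev/null` operates and where a chrooted process looks for `/dev/null`, so inside the jail `/dev/null` is presumably still the plain file produced by the earlier `cp /dev/null`. Before `systemctl restart sshd`, validate the new drop-in with `sshd -t` so a malformed Match block cannot take the daemon down, and note that in current OpenSSH `ClientAliveCountMax 0` disables the keepalive disconnect rather than enforcing one, which may not be the intent behind pairing it with `ClientAliveInterval 30`.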
|