The code snippet below was used to add SSH users to RackSpace cloud CentOS Linux nodes that were being used as application servers and managed via RightScale. The SSH users were needed during a testing phase so they could look through logs, modify specific configuration files, and so on. Three things have to happen to create an SSH user, allow them to log in, and give them the rights they need on the server: add the user, modify the sshd config to allow password logins, and update the sudoers file to enable sudo access for wheel group users.

RightScript Used To Add SSH Users During Linux Instance Boot Process:

#!/bin/bash -e

# add user (useradd -p expects an already-encrypted password, as returned by crypt(3))
useradd -m -p "$SSH_USER_PASS1" -g wheel "$SSH_USER1"

# add second user
useradd -m -p "$SSH_USER_PASS2" -g wheel "$SSH_USER2"

# modify sshd_config to allow password logins
/bin/sed -i -e "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

# restart sshd
/etc/init.d/sshd restart

# modify sudoers to allow members of wheel group to sudo (\t matches a tab)
/bin/sed -i -e "s/# %wheel\tALL=(ALL)\tALL/%wheel\tALL=(ALL)\tALL/g" /etc/sudoers

The above script adds two users; that portion of the script can easily be modified for more or fewer SSH users. The variables $SSH_USER1, $SSH_USER_PASS1, $SSH_USER2, and $SSH_USER_PASS2 will be required inputs for the ServerTemplate that the RightScript is applied to. Also note that the \t in the sudoers modification line represents a tab, as explained in this article that was previously written on QD. This script should work for multiple Cloud providers and multiple ServerTemplates representing multiple Linux distributions.
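
The sudoers edit only takes effect when the whitespace in the file matches the sed pattern exactly. The function below is an added example, not part of the original RightScript: it uncomments the wheel rule whether it is separated by tabs or spaces, leaves the NOPASSWD variant commented, and syntax-checks the result with visudo -cf before overwriting the file. The name enable_wheel_sudo and its file-path argument are hypothetical.

```shell
#!/bin/bash
# Added example. enable_wheel_sudo is a hypothetical helper; the sudoers path
# is an argument so it can be tried on a copy before touching /etc/sudoers.

enable_wheel_sudo() {
    local sudoers="$1" tmp
    # Basic regex: tabs or spaces between fields, literal "(ALL)".
    local rule='%wheel[[:space:]][[:space:]]*ALL=(ALL)[[:space:]][[:space:]]*ALL'

    tmp="$(mktemp)" || return 1

    # Uncomment only the password-requiring rule. The end-of-line anchor keeps
    # the "NOPASSWD: ALL" variant commented out.
    sed "s/^#[[:space:]]*\(${rule}\)[[:space:]]*\$/\1/" "$sudoers" > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # If the rule is still not active, the pattern never matched: report it
    # instead of silently leaving sudo disabled for the new users.
    if ! grep -q "^${rule}[[:space:]]*\$" "$tmp"; then
        echo "wheel rule not found in $sudoers; file left unchanged" >&2
        rm -f "$tmp"
        return 2
    fi

    # Syntax-check the candidate file before it replaces the live one.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 3; }
    fi

    # Overwrite the contents rather than mv, so the existing owner and mode
    # of the sudoers file are preserved.
    cat "$tmp" > "$sudoers" && rm -f "$tmp"
}
```

In a boot script this would be called as enable_wheel_sudo /etc/sudoers, with a non-zero return treated as a failed boot step.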


6 Responses to “RightScale RightScript To Add SSH Users To Linux Nodes On Boot”
  1. Steve Stonebraker says:

    You should use a password that forces the end user to create a new password immediately.

    # for name in someuser anotheruser yetanotheruser; do useradd $name; echo 'password' | passwd --stdin $name; chage -d 0 $name; done


    alex Reply:

    Hello Steve,

    Hah! How goes man. Definitely a good idea and agreed; however, in this scenario it was a rush job and shared between users.

    Thanks!
    alex


  2. Steve Stonebraker says:

    I noticed this line in your script does not work:
    # modify sudoers to allow members of wheel group to sudo
    /bin/sed -ie "s/# %wheeltALL=(ALL)tALL/%wheeltALL=(ALL)tALL/g" /etc/sudoers

    Proof and an alternative (that gives passwordless sudo):

    [root@devtest4 scripts]# cat /etc/sudoers | grep wheel
    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    # %wheel ALL=(ALL) NOPASSWD: ALL
    [root@devtest4 scripts]# /bin/sed -ie "s/# %wheeltALL=(ALL)tALL/%wheeltALL=(ALL)tALL/g" /etc/sudoers
    [root@devtest4 scripts]# cat /etc/sudoers | grep wheel
    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    # %wheel ALL=(ALL) NOPASSWD: ALL
    [root@devtest4 scripts]# perl -pi -e '/NOPASSWD/ && s/^..//' /etc/sudoers
    [root@devtest4 scripts]# cat /etc/sudoers | grep wheel
    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    %wheel ALL=(ALL) NOPASSWD: ALL
    [root@devtest4 scripts]#


    alex Reply:

    Hello Steve,

    Likely just a spacing issue in the way it was formatted. In the example from the article we would not want to provide passwordless sudo either for security concerns.

    Thanks for taking the time to provide an alternative method though for people that may not be worried about the security aspect of passwordless sudo.

    Thanks.
    alex


  3. Steve Stonebraker says:

    You also need to add user rightscale to wheel or you can’t use mindterm to ssh in:
    # usermod -G wheel -a rightscale


    alex Reply:

    Hello Steve,

    Having mindterm available was not a requirement for the example. Thanks for noting though for users that may need that functionality.

    Thanks.
    alex

