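#!/bin/sh
# Centralized management of administrative users.
# ver. 1.0
#
# For every name in SYSUSER: make sure the account exists, make sure its
# public key is present in /home/<name>/.ssh/authorized_keys (the file is
# overwritten when the key is missing) and make sure a sudoers.d drop-in
# grants it passwordless sudo.
# For every name in DELSYSUSER: remove the key file, the sudoers drop-in and
# the account.
# Finally sshd_config is edited (root login / password authentication) and
# sshd is restarted.
#
# Must run as root. Supported platforms: Linux and FreeBSD (per `uname`).
#
# Security notes for maintainers:
#   * Every account listed in SYSUSER gets "NOPASSWD: ALL", i.e. it is
#     root-equivalent. Whoever holds one of the private keys below, or can
#     edit this file before it runs, has root on every host it is applied to.
#   * User names must be valid shell identifiers ([A-Za-z_][A-Za-z0-9_]*)
#     because the key is looked up in the variable <name>_key.

set -u

# Users to create/update, comma separated.
SYSUSER='maumar,maurizio,giovanni,cost,renato,andreab,vito,francesco,christian,alejandro,raul'

# Public keys of the users to create/update, one <name>_key variable each.
# NOTE(review): maumar_key and maurizio_key are the same public key.
# NOTE(review): the giovanni, cost, vito, andreab, francesco and christian
# keys decode to roughly 1024-bit RSA moduli, which is below current key-size
# guidance; consider asking the owners for new keys (e.g. ed25519).
maumar_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCKRXCDxL65ZtUqQxsa9O6vYh31RmjU+oZbMcAHGNknGOPqGKkgmy8iZp29jMN7AUFUlA/UAtOHmMUVy3BfBBPZlWaqB/d201GxKLyKq2f8xNjZEMJ22V6VWPm8s7wpUzSN7iDfcCDSCJq/Y8AEy5VJHGsK+8h/xYC+wajG2Y8Q/1GoaK0YesMp16roVNsOLEbE8qNgnZ5My8nroonj6/1gHDDzyvKXUKea8B6tqNsTkPkJkwWFJWb8r1+VNnavHpfOuVk5qd/toddJYFePvH5giAVXn0Wqz4LWDNa1m3PinitxNbWDiJ6s6Y/DRPxZZqXiOwTOXMqboCsHbYliBSP maumar@tikal.homenet.telecomitalia.it"
maurizio_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCKRXCDxL65ZtUqQxsa9O6vYh31RmjU+oZbMcAHGNknGOPqGKkgmy8iZp29jMN7AUFUlA/UAtOHmMUVy3BfBBPZlWaqB/d201GxKLyKq2f8xNjZEMJ22V6VWPm8s7wpUzSN7iDfcCDSCJq/Y8AEy5VJHGsK+8h/xYC+wajG2Y8Q/1GoaK0YesMp16roVNsOLEbE8qNgnZ5My8nroonj6/1gHDDzyvKXUKea8B6tqNsTkPkJkwWFJWb8r1+VNnavHpfOuVk5qd/toddJYFePvH5giAVXn0Wqz4LWDNa1m3PinitxNbWDiJ6s6Y/DRPxZZqXiOwTOXMqboCsHbYliBSP maumar@tikal.homenet.telecomitalia.it"
giovanni_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAg0tdI/Z8tXOiTE7Ix9OcDAr0L+xk18hslSWYeyz1sVZvCsFUNfuw9D25NAUgPmtFzaa8243wwyC4Gkm06n0Dr7qiC9ic9Qd+ZwN00fcxhGCzDBT1frjY0ph6F3FuUx7uswsnmt2snmPPhXC0cDh6eADeLQdwQVFtL+xdfW6tXd0= giovanni.m"
cost_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAjjJIvFFIUvr0IHqw7IxnM4m3xL2n42ou2NdpMB1nzJ4vICoJXxt8S47g8pI6S4NJKkmhyQ2WjC+R6evBmhUbPRwR87fOPndrxRDy+Md+wo1zwXrZoqRdtvxWebUxM3JLtsRk9xcCMDVgDerdtJ3k5vF9w8EXeWOHik0bLsatAO8= rsa-key-20191026"
renato_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJZfDykLmTiH0JokNtW3bf5GV3sglFa3M8awCViErJpe9+cjgcr9rf3WZ4McOodTBzfLcD8pkjdr1IPdGuzjeU9Ez1XFlwogGPfkhLi94upkIHU7TwbA3dgdFH5ibCCqchFHldXz1dXTGpR7sWEWZySBe1EBTBgECMpavkvyXq+1rZuRG7VTd8Qc7xgAuj3HrZH5vObJYYu7MGTZEFgMHKlkFsWDHZqqeDYgkI3dxne47ry+oXXeQG3pQLAWOMnEWKH6mjk1xMojOqWTnQBjN3+ACAdKeWafqckMLjzAGZ1LSKRxoDNUHh4F/2MQx5d+6p+gC+g+tqTbvKj2yP4Onb renato@renato-Vostro1510"
# marco is listed only in DELSYSUSER, so this key is never installed; its key
# body is elided in this copy of the file.
marco_key="ssh-rsa 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 AzureAD+MarcoPinna@LAPTOP-HF2JGHIE"
vito_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAzuf3K33PxwiEkkp/IAnR2Sovym5H5eIoKXPwdtjCn5twXU8NqAtsqJEs3ZQvuWuPOLiPQ4xV1n44AXlLBz48UigoRI1y0zvvomdGBQDUV4QR6z9PqKo2eqnUVgkjtos14D+yjsKO4hkiN+Fy2c4+aYxLBGY8ejNJtQ0OJEV41F8= vito"
andreab_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAwl/R2jP7cVyd+ajGc+92aSFVsXqAeP2s0wBxqduhafA3bPGUYlPcT50LIXY1ZYgsIgMLuROEp0nxMkpC7add7wCbPHTkHpMtoYfNaaCTBHXE+5ILIA5qb6kpgU2ISAqf3eybT0DzdBg3DoVrQXV2hz41HHSY+8KjXldcEz3NUcM="
francesco_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIB5yhGOBbZEtHnXJk88FkfYd4NgDkadBVfabKzBpRS0H8mtQtPbJk+SJ2KLstUP+dNUlh8aGP6nd66C6lB5tD/Gw6aGxRsgBs8UHWTveEvY7WXCrrVRqSwmPLfIVMmpfRsugXh3sfi9D1kGqbaT+/z9VomnFkoH1PDFsyRVl+gyuQ== rsa-key-20101025"
christian_key="ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBdjZP0w7dHqCqwhJlI81537lRgYLsmx4vgISnG9laLfnihggJW6Db0t8Oi+UBJ32zgsmnrqg4Be45hDZxreoM4jzBJQDwJ8P27R+EN4tr8jIFE7VQi+fNCp059nLGzLgcSqJKm4yjvx8xUANCkT9fg6Vg53nndSyhoyeNiI7Dipw=="
alejandro_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCQ4dk2n2E13B/rB4cByiDx9i9TK9X2lEQZ4tF0DLFDjwvcO4X8K+nLtJN0yP1P4ibgLz8r/ejrR97rgdpWrQhx4IJxfnWmajB+iNRVBbt4d4i6CHEKvVcAwXdwkxm/0M9EXUJv0FirnR7EnsAFtvePBuInOL3stjPlRetMJPDYT7qznJJmf3aucIAxkOcSUk8jwcbuxAKS0IGWXMF03IdmfSblMRurnkSwNcNKCCS/2lJX5YpyEnUmjHV6kdMyBb+qPsGgjC5E7GUZ3FluKZDzhCMjtJM72OMWWioNOEAgaSnneKEgfM1185BLSjsy2gOXajwaXZCYJUlLUaCCLieF alejandro"
raul_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCK6wfteGXQvlJKt4+krqCce2Ozz1ZC15iV8iFL9msLMQWKdAGjO1KOUDB0RfVVLSJaX4CqmSlK8zrnwS27iLXtrcZ41FchTWB+yr3Som5tMcFD3HEdv0clKpn7ZBzue3xqXIGM0smTZ5mZNz45BKHs0gl0TFv9hGtmYMn8Zp1tBn4C7mI6AX2KhK9nQEt/M+ZgOb7l8W3INgJPenoPJMs1OPwjW+0AYAKV5rhOiZhtDv/Y9MnEVkr6KMPqhaVwm7zGV/IqY9+P/oDVovM3axTtnrjpo2FdoCiMYaSWVlVFEUxvq1O0I2hzGaPL0KnnMWtQ4U7JgWE6Gd4A5vhLXEsJ Raul"

# Users to delete, comma separated.
#DELSYSUSER='riccardo'
DELSYSUSER='marco'

#====================================================================

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$1" >&2
}

# Print a diagnostic on stderr and abort.
die() {
  warn "$1"
  exit 1
}

# Print the path of tool $1: first from PATH, then from the fallback
# directories given as remaining arguments (PATH may lack the sbin
# directories). Returns 1 when the tool is not found anywhere.
find_tool() {
  ft_name=$1
  shift
  if ft_path=$(command -v "$ft_name" 2>/dev/null) && [ -n "$ft_path" ]; then
    printf '%s\n' "$ft_path"
    return 0
  fi
  for ft_dir in "$@"; do
    if [ -x "$ft_dir/$ft_name" ]; then
      printf '%s\n' "$ft_dir/$ft_name"
      return 0
    fi
  done
  return 1
}

# Succeeds when $1 is usable both as a user name and as the prefix of a
# <name>_key shell variable. Rejecting everything else keeps typos in the
# lists (stray spaces, dots, slashes) out of paths, regexes and eval.
valid_username() {
  case $1 in
    '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# Succeeds when /etc/passwd has an entry for exactly user $1. The trailing
# ':' matters: without it "cost" would also match e.g. "costanza".
user_exists() {
  "$GREP" -q "^$1:" /etc/passwd
}

# Give $2 to user $1 and to the group of the same name.
own() {
  "$CHOWN" "$1:$1" "$2"
}

# Create account $1 with home /home/$1. Returns non-zero on failure.
create_user() {
  if [ "$OSTYPE" = "Linux" ]; then
    "$USERADD" -m -d "/home/$1" -c "utente admin $1" "$1" || return 1
    # '*' in the password field matches no password: key-only login.
    "$USERMOD" -p '*' "$1"
  else
    # The group may already exist; useradd below reports the real outcome.
    /usr/sbin/pw groupadd "$1"
    /usr/sbin/pw useradd -m -d "/home/$1" -c "utente admin $1" -g "$1" -n "$1"
  fi
}

# Make key $2 the sole content of /home/$1/.ssh/authorized_keys, creating
# the home and .ssh directories when missing and fixing owner and mode.
install_key() {
  ik_home=/home/$1
  ik_ssh=$ik_home/.ssh
  ik_file=$ik_ssh/authorized_keys

  if [ ! -d "$ik_home" ]; then
    mkdir "$ik_home" || return 1
    own "$1" "$ik_home"
  fi
  # This runs as root inside a directory the user controls: never write
  # through a symlink the user may have planted.
  if [ -L "$ik_ssh" ] || [ -L "$ik_file" ]; then
    warn "refusing to write $ik_file: symbolic link in the way"
    return 1
  fi
  if [ ! -d "$ik_ssh" ]; then
    mkdir "$ik_ssh" || return 1
  fi
  own "$1" "$ik_ssh"
  /bin/chmod 700 "$ik_ssh"

  printf '%s\n' "$2" > "$ik_file" || return 1
  /bin/chmod 600 "$ik_file"
  own "$1" "$ik_file"
}

# Write the passwordless-sudo drop-in for user $1. The rule is staged in a
# dot-file (sudo skips sudoers.d entries whose name contains a '.'), checked
# with visudo when available, and only then moved into place, so a broken
# file never becomes active.
write_sudoers() {
  ws_final=$SUDOERS_DIR/$1
  ws_tmp=$SUDOERS_DIR/.$1.tmp
  (
    umask 077
    printf '%s\n' "$1 ALL=(ALL) NOPASSWD: ALL" > "$ws_tmp"
  ) || return 1
  /bin/chmod 440 "$ws_tmp"
  if [ -n "$VISUDO" ] && ! "$VISUDO" -cf "$ws_tmp" > /dev/null 2>&1; then
    rm -f "$ws_tmp"
    warn "sudoers rule for $1 failed visudo validation; not installed"
    return 1
  fi
  mv -f "$ws_tmp" "$ws_final"
}

# Apply sed script $1 to file $2 in place (GNU and BSD sed differ on -i).
sed_inplace() {
  if [ "$OSTYPE" = "Linux" ]; then
    "$SED" -i -e "$1" "$2"
  else
    "$SED" -i '' -e "$1" "$2"
  fi
}

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# The user lists are comma separated. IFS stays ',' for the rest of the
# script, so every expansion below is quoted. Globbing is disabled because
# the lists hold literal names.
IFS=,
set -f

OSTYPE=$(uname)
case $OSTYPE in
  Linux)
    SUDOERS_DIR=/etc/sudoers.d
    CHOWN=/bin/chown
    USERADD=$(find_tool useradd /sbin /usr/sbin) || die "useradd not found"
    USERMOD=$(find_tool usermod /sbin /usr/sbin) || die "usermod not found"
    USERDEL=$(find_tool userdel /sbin /usr/sbin) || die "userdel not found"
    ;;
  FreeBSD)
    SUDOERS_DIR=/usr/local/etc/sudoers.d
    CHOWN=/usr/sbin/chown
    ;;
  *)
    die "unsupported operating system: $OSTYPE"
    ;;
esac

GREP=$(find_tool grep /bin /usr/bin) || die "grep not found"
SED=$(find_tool sed /bin /usr/bin) || die "sed not found"
# Optional validators: used when present, skipped otherwise.
VISUDO=$(find_tool visudo /usr/sbin /usr/local/sbin) || VISUDO=
SSHD=$(find_tool sshd /usr/sbin /usr/local/sbin) || SSHD=

# Loop over the users to create/update.
for curruser in $SYSUSER; do
  if ! valid_username "$curruser"; then
    warn "skipping invalid user name '$curruser'"
    continue
  fi

  # Indirect lookup of <name>_key; safe because the name was validated.
  eval "currkey=\${${curruser}_key-}"
  if [ -z "$currkey" ]; then
    # Without a key the account could not log in, yet would still be
    # granted sudo: skip it entirely.
    warn "no ${curruser}_key defined; skipping $curruser"
    continue
  fi

  if user_exists "$curruser"; then
    # The user exists: replace authorized_keys only when the key is absent.
    # -F: the key is a literal string, not a regular expression.
    if ! "$GREP" -qF -- "$currkey" "/home/$curruser/.ssh/authorized_keys" \
      2> /dev/null; then
      install_key "$curruser" "$currkey" ||
        warn "could not install the key for $curruser"
    fi
    # Make sure the sudoers drop-in exists and has the right mode.
    if [ ! -f "$SUDOERS_DIR/$curruser" ]; then
      write_sudoers "$curruser"
    else
      /bin/chmod 440 "$SUDOERS_DIR/$curruser"
    fi
  else
    # The user does not exist: create it, then install key and sudo rule.
    if ! create_user "$curruser"; then
      warn "could not create user $curruser"
      continue
    fi
    install_key "$curruser" "$currkey" ||
      warn "could not install the key for $curruser"
    write_sudoers "$curruser"
  fi
done

# Loop over the users to delete.
for curruser in $DELSYSUSER; do
  if ! valid_username "$curruser"; then
    warn "skipping invalid user name '$curruser'"
    continue
  fi

  # Drop the sudo grant even if the account is already gone, so a stale
  # rule cannot apply to a future account with the same name.
  rm -f "$SUDOERS_DIR/$curruser"

  if user_exists "$curruser"; then
    rm -f "/home/$curruser/.ssh/authorized_keys"
    if [ "$OSTYPE" = "Linux" ]; then
      "$USERDEL" -r "$curruser"
    else
      /usr/sbin/pw userdel "$curruser" -r
    fi
  fi
done

# Harden sshd: no root login, no password authentication.
SSHD_CONFIG=/etc/ssh/sshd_config
SSHD_BACKUP=$SSHD_CONFIG.bak

cp -p "$SSHD_CONFIG" "$SSHD_BACKUP" || die "cannot back up $SSHD_CONFIG"

# NOTE(review): these edits only turn an existing "yes" into "no" and
# uncomment "#PermitRootLogin no". A commented "#PasswordAuthentication"
# line stays commented, and values such as "prohibit-password" are left
# alone, so the effective settings are checked below.
sed_inplace '/PermitRootLogin/s/yes/no/1' "$SSHD_CONFIG"
sed_inplace '/PasswordAuthentication/s/yes/no/g' "$SSHD_CONFIG"
sed_inplace '/PermitRootLogin no/s/^#//1' "$SSHD_CONFIG"

if [ -n "$SSHD" ]; then
  # Never restart sshd on a configuration it cannot parse: that would lock
  # every administrator out of the host.
  if ! "$SSHD" -t; then
    cp -p "$SSHD_BACKUP" "$SSHD_CONFIG"
    die "sshd rejected the edited $SSHD_CONFIG; original restored"
  fi
  # Report when the effective configuration is not what this script intends.
  sshd_effective=$("$SSHD" -T 2> /dev/null)
  for sshd_setting in 'permitrootlogin no' 'passwordauthentication no'; do
    if ! printf '%s\n' "$sshd_effective" | "$GREP" -qix -- "$sshd_setting"; then
      warn "warning: effective sshd setting is not '$sshd_setting'"
    fi
  done
else
  warn "warning: sshd binary not found; configuration not validated"
fi

if [ "$OSTYPE" = "Linux" ]; then
  systemctl restart sshd
else
  service sshd restart
fi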