
Untitled

a guest
Jul 7th, 2018
  1. #!/bin/bash
  2. # Usage: create-user username [any other words for the GECOS field]
  3. # Usually this would be used as 'create-user smithj John Smith - Accounts'
  4.  
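  # Hash a password with SHA-512 crypt ($6$) and print the result on stdout.
  # Arguments: $1 - plaintext password
  # Outputs:   the crypt string, one line, on stdout
  # Returns:   non-zero if no salt could be read or python fails
  #
  # The password is handed to python on stdin and the salt as an argument.
  # Interpolating the password into the python source would let a quote or
  # backslash in it change the program that runs, and would expose the
  # plaintext in the process argument list for the lifetime of the call.
  hash-passwd() {
    local pwdSalt

    # 16 characters is the longest salt SHA-512 crypt uses. LC_ALL=C keeps tr
    # working on raw bytes; its stderr is dropped because head closes the pipe.
    pwdSalt=$(LC_ALL=C tr -dc 'A-Za-z0-9' 2> /dev/null < /dev/urandom | head -c 16)
    [[ ${#pwdSalt} -eq 16 ]] || return 1

    # Written to run under Python 2 and 3.
    # NOTE(review): the crypt module was removed in Python 3.13; on such hosts
    # this needs another hasher (e.g. mkpasswd or openssl passwd) - confirm
    # what the target systems ship.
    printf '%s' "${1}" |
      python -c 'import crypt, sys; sys.stdout.write(crypt.crypt(sys.stdin.read(), sys.argv[1]) + "\n")' \
        "\$6\$${pwdSalt}"
  }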
  11.  
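  # Set our base variables
  newUser="${1:?No Username Supplied}"

  # The name is used further down to build paths under /tmp, /etc/sudoers.d
  # and the home directory while running as root, so refuse anything that
  # contains a path separator or could be read as an option.
  if [[ ! "${newUser}" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]]; then
    printf '%s\n' "Invalid username: ${newUser}" >&2
    exit 1
  fi

  # Start from an empty value so a newGecos inherited from the calling
  # environment is never passed to useradd by accident.
  newGecos=""
  if [[ "${2}" ]]; then
    newGecos="${*:2}"
  fi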
  15.  
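  # Get the new password interactively.
  # Reads the password twice without echo, repeats until both entries match
  # and are non-empty, then stores the SHA-512 crypt hash in hashedPass.
  while true; do
    printf '%s\n' "================================"
    printf '%s' "Please enter the new password and press [Enter]: "
    # IFS= and -r keep leading/trailing blanks and backslashes exactly as typed.
    # A failed read (closed stdin) aborts instead of looping forever.
    IFS= read -rs newpwdin1 || exit 1
    printf '\n%s' "Please confirm the new password and press [Enter]: "
    IFS= read -rs newpwdin2 || exit 1
    printf '\n'

    # Compare the two, if they don't match, try again
    if [[ "${newpwdin1}" != "${newpwdin2}" ]]; then
      read -r -p "The passwords entered do not match.  Press [Enter] to start again."
      continue
    fi

    # An empty entry would be hashed into a valid hash of the empty password
    if [[ -z "${newpwdin1}" ]]; then
      read -r -p "The password must not be empty.  Press [Enter] to start again."
      continue
    fi

    # The passwords match: hash it to a variable and drop the plaintext copies
    hashedPass=$(hash-passwd "${newpwdin1}")
    unset newpwdin1 newpwdin2

    # 'break' is required here: the loop condition is the literal 'true', and
    # the exit status of the last command in the body is never consulted.
    break
  done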
  36.  
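  # Add the user, creating homedir and setting a comment if one is given.
  # Stop here on failure: every later step assumes the account exists.
  if ! useradd -m -c "${newGecos:-}" "${newUser}"; then
    printf '%s\n' "useradd failed for ${newUser}" >&2
    exit 1
  fi

  # Set the password.
  # chpasswd -e stores the supplied field as-is, so an empty or malformed
  # value (for example because the hashing step failed) must never reach it:
  # an empty field would leave the account without a password.
  if [[ "${hashedPass:-}" != '$6$'* ]]; then
    printf '%s\n' "No valid password hash available, not setting a password" >&2
    exit 1
  fi
  if ! printf '%s\n' "${newUser}:${hashedPass}" | chpasswd -e; then
    printf '%s\n' "chpasswd failed for ${newUser}" >&2
    exit 1
  fi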
  42.  
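  # Create ed25519 ssh keys
  # The home directory is looked up rather than assumed to be /home/<user>.
  userHome=$(getent passwd "${newUser}" | cut -d: -f6)
  if [[ -z "${userHome}" ]]; then
    printf '%s\n' "Cannot determine home directory of ${newUser}" >&2
    exit 1
  fi
  sshDir="${userHome}/.ssh"

  # ssh-keygen does not create the target directory, and this script runs as
  # root, so create ~/.ssh explicitly with the user's ownership and mode 700.
  install -d -m 700 -o "${newUser}" -g "$(id -gn "${newUser}")" "${sshDir}" || exit 1

  # NOTE(review): -P "" writes the private key without a passphrase.
  ssh-keygen -t ed25519 -f "${sshDir}/id_ed25519" -q -P "" || exit 1

  # The key pair was written by root; hand it to the user so the private key
  # (mode 600) is readable by its owner.
  chown "${newUser}:" "${sshDir}/id_ed25519" "${sshDir}/id_ed25519.pub" || exit 1

  # If we want rsa ssh keys, we use a higher number of bits
  # We can have this alongside the ed25519 key for compatibility with older hosts
  #ssh-keygen -f "${sshDir}/id_rsa" -q -P "" -b 4096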
  49.  
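  # Create a sudoers conf frag, ensuring that it has a blank newline at EOF
  # Ensuring it passes 'visudo' validation, and is installed with
  # the correct ownership and permissions.
  #
  # The fragment is staged in a file created by mktemp, not in a path derived
  # from the username: a predictable name in world-writable /tmp can be
  # pre-created or symlinked by another local user before root writes to it.
  #
  # NOTE(review): sudo skips files in an include directory whose names contain
  # a '.' or end in '~', so a username with a dot yields a fragment that is
  # installed but never read.
  sudoTmp=$(mktemp) || {
    printf '%s\n' "Sudo task failed" >&2
    exit 1
  }
  printf -- '%s\n' "some rule text" "" > "${sudoTmp}"

  if visudo -c -f "${sudoTmp}" &> /dev/null &&
    install -o root -g root -m 440 "${sudoTmp}" /etc/sudoers.d/"${newUser}"; then
    sudoStatus=0
  else
    printf '%s\n' "Sudo task failed" >&2
    sudoStatus=1
  fi

  # Remove the staging file on both the success and the failure path
  rm -f -- "${sudoTmp}"
  (( sudoStatus == 0 )) || exit 1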
  63.  
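  # Echo some predefined text to the authorized keys file
  # The home directory is looked up rather than assumed to be /home/<user>.
  userHome=$(getent passwd "${newUser}" | cut -d: -f6)
  if [[ -z "${userHome}" ]]; then
    printf '%s\n' "Cannot determine home directory of ${newUser}" >&2
    exit 1
  fi
  sshDir="${userHome}/.ssh"
  authKeys="${sshDir}/authorized_keys"

  # Make sure ~/.ssh exists, is private, and belongs to the user before
  # anything is written into it.
  install -d -m 700 -o "${newUser}" -g "$(id -gn "${newUser}")" "${sshDir}" || exit 1

  printf '%s\n' 'sometext' >> "${authKeys}" || exit 1

  # Ensure the authorized_keys file has correct ownership and permissions.
  # The redirect above runs as root, so a newly created file is root-owned;
  # with mode 600 it would then be unreadable by the account it is meant for.
  chown "${newUser}:" "${authKeys}" || exit 1
  chmod 600 "${authKeys}"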