Add functionality to create an additional user during setup. Implement user input validation, SSH key generation for the additional user, and update firewall configuration to allow access for both sysadmin and additional users. Enhance user feedback throughout the process.

This commit is contained in:
2025-09-05 12:16:59 +01:00
parent 1c3dbcfcd7
commit 7ca71b5bdc

140
setup.sh

@@ -14,6 +14,8 @@ NC='\033[0m' # No Color
### === SETTINGS === ###
SYSADMIN_USER="sysadmin"
CREATE_ADDITIONAL_USER=""
ADDITIONAL_USER=""
USE_UFW=""
USE_FAIL2BAN=""
@@ -45,6 +47,50 @@ check_debian() {
fi
}
# Ask user about creating an additional user
ask_additional_user() {
echo ""
echo -e "${BLUE}=== Additional User Creation ===${NC}"
echo "This script will create the 'sysadmin' user by default."
echo "You can also create an additional user account if needed."
echo ""
read -p "Would you like to create an additional user account? (y/N): " create_user_choice
if [[ "$create_user_choice" =~ ^[Yy]$ ]]; then
CREATE_ADDITIONAL_USER="yes"
echo ""
echo -e "${YELLOW}Enter username for the additional user:${NC}"
echo "(This user will also have sudo privileges)"
echo ""
while true; do
read -p "Username: " username_input
# Validate username
if [[ -z "$username_input" ]]; then
echo -e "${RED}Username cannot be empty. Please try again.${NC}"
continue
elif [[ ! "$username_input" =~ ^[a-z][a-z0-9_-]*$ ]]; then
echo -e "${RED}Invalid username. Use lowercase letters, numbers, hyphens, and underscores only.${NC}"
echo -e "${RED}Username must start with a letter.${NC}"
continue
elif [[ "$username_input" == "$SYSADMIN_USER" ]]; then
echo -e "${RED}Username cannot be the same as sysadmin user. Please choose a different name.${NC}"
continue
elif id "$username_input" &>/dev/null; then
echo -e "${RED}User '$username_input' already exists. Please choose a different name.${NC}"
continue
else
ADDITIONAL_USER="$username_input"
log "Will create additional user: $ADDITIONAL_USER"
break
fi
done
else
CREATE_ADDITIONAL_USER="no"
log "Skipping additional user creation"
fi
}
# Ask user about firewall preferences
ask_firewall_preferences() {
echo ""
@@ -131,6 +177,28 @@ create_sysadmin_user() {
usermod -aG sudo "$SYSADMIN_USER"
}
create_additional_user() {
if [[ "$CREATE_ADDITIONAL_USER" == "yes" && -n "$ADDITIONAL_USER" ]]; then
log "Creating additional user: $ADDITIONAL_USER"
if id "$ADDITIONAL_USER" &>/dev/null; then
warn "User $ADDITIONAL_USER already exists, skipping creation"
else
# Create user with home directory
useradd -m -s /bin/bash "$ADDITIONAL_USER"
log "User $ADDITIONAL_USER created successfully"
# Set password for additional user
echo "Please set a password for user $ADDITIONAL_USER:"
passwd "$ADDITIONAL_USER"
fi
# Add additional user to sudo group
log "Adding $ADDITIONAL_USER to sudo group..."
usermod -aG sudo "$ADDITIONAL_USER"
fi
}
configure_security() {
# Disable root SSH login
log "Disabling root SSH login..."
@@ -148,7 +216,11 @@ configure_security() {
echo "MaxAuthTries 3"
echo "ClientAliveInterval 300"
echo "ClientAliveCountMax 2"
echo "AllowUsers $SYSADMIN_USER"
if [[ "$CREATE_ADDITIONAL_USER" == "yes" && -n "$ADDITIONAL_USER" ]]; then
echo "AllowUsers $SYSADMIN_USER $ADDITIONAL_USER"
else
echo "AllowUsers $SYSADMIN_USER"
fi
} >> /etc/ssh/sshd_config
# Remove/lock root password
@@ -311,39 +383,45 @@ generate_ssh_keys() {
read -p "Enter your email: " user_email
# Generate SSH key for sysadmin user
generate_sysadmin_ssh_key "$user_email"
generate_user_ssh_key "$SYSADMIN_USER" "$user_email"
# Generate SSH key for additional user if created
if [[ "$CREATE_ADDITIONAL_USER" == "yes" && -n "$ADDITIONAL_USER" ]]; then
generate_user_ssh_key "$ADDITIONAL_USER" "$user_email"
fi
# Generate SSH key for root user
generate_root_ssh_key "$user_email"
}
generate_sysadmin_ssh_key() {
local user_email="$1"
local sysadmin_home="/home/$SYSADMIN_USER"
local ssh_dir="$sysadmin_home/.ssh"
generate_user_ssh_key() {
local username="$1"
local user_email="$2"
local user_home="/home/$username"
local ssh_dir="$user_home/.ssh"
local ssh_key="$ssh_dir/id_ed25519"
log "Setting up SSH key for user: $SYSADMIN_USER"
log "Setting up SSH key for user: $username"
# Create .ssh directory for sysadmin user if it doesn't exist
# Create .ssh directory for user if it doesn't exist
if [ ! -d "$ssh_dir" ]; then
sudo -u "$SYSADMIN_USER" mkdir -p "$ssh_dir"
sudo -u "$SYSADMIN_USER" chmod 700 "$ssh_dir"
sudo -u "$username" mkdir -p "$ssh_dir"
sudo -u "$username" chmod 700 "$ssh_dir"
fi
if [ ! -f "$ssh_key.pub" ]; then
log "Generating SSH key for $SYSADMIN_USER..."
log "Generating SSH key for $username..."
# Generate SSH key as sysadmin user
sudo -u "$SYSADMIN_USER" ssh-keygen -t ed25519 -C "$user_email" -f "$ssh_key" -N ""
# Generate SSH key as user
sudo -u "$username" ssh-keygen -t ed25519 -C "$user_email" -f "$ssh_key" -N ""
# Set proper permissions
sudo -u "$SYSADMIN_USER" chmod 600 "$ssh_key"
sudo -u "$SYSADMIN_USER" chmod 644 "$ssh_key.pub"
sudo -u "$username" chmod 600 "$ssh_key"
sudo -u "$username" chmod 644 "$ssh_key.pub"
log "SSH key generated successfully for $SYSADMIN_USER"
log "SSH key generated successfully for $username"
else
warn "SSH key already exists for $SYSADMIN_USER"
warn "SSH key already exists for $username"
fi
}
@@ -392,6 +470,18 @@ show_ssh_keys() {
echo "----------------------------------------"
echo ""
# Show additional user SSH key if created
if [[ "$CREATE_ADDITIONAL_USER" == "yes" && -n "$ADDITIONAL_USER" ]]; then
local additional_home="/home/$ADDITIONAL_USER"
local additional_ssh_key="$additional_home/.ssh/id_ed25519.pub"
echo -e "${YELLOW}ADDITIONAL USER ($ADDITIONAL_USER) SSH KEY:${NC}"
echo "----------------------------------------"
cat "$additional_ssh_key"
echo "----------------------------------------"
echo ""
fi
echo -e "${YELLOW}ROOT USER SSH KEY:${NC}"
echo "----------------------------------------"
cat "$root_ssh_key"
@@ -399,8 +489,13 @@ show_ssh_keys() {
echo ""
echo -e "${YELLOW}Instructions:${NC}"
echo "1. Copy both keys above"
echo "2. Add both keys to your git server and any other systems you need access to"
if [[ "$CREATE_ADDITIONAL_USER" == "yes" && -n "$ADDITIONAL_USER" ]]; then
echo "1. Copy all keys above"
echo "2. Add all keys to your git server and any other systems you need access to"
else
echo "1. Copy both keys above"
echo "2. Add both keys to your git server and any other systems you need access to"
fi
echo "3. You can now use these keys for SSH authentication"
echo ""
read -p "Press Enter to continue..."
@@ -489,7 +584,8 @@ main() {
echo "This script will:"
echo "1. Set up a secure Debian 12 system"
echo "2. Create a sysadmin user with SSH key authentication"
echo "3. Generate SSH keys for both sysadmin and root users"
echo "3. Optionally create an additional user account"
echo "4. Generate SSH keys for all created users and root"
echo ""
read -p "Continue? (y/N): " confirm
@@ -498,12 +594,14 @@ main() {
exit 0
fi
# Ask for firewall preferences
# Ask for user and firewall preferences
ask_additional_user
ask_firewall_preferences
# System setup
setup_system
create_sysadmin_user
create_additional_user
configure_security
# SSH key setup
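Review bot: In create_additional_user the exit status of `useradd -m -s /bin/bash "$ADDITIONAL_USER"` is never checked, so a failed creation is still followed by the "created successfully" log line, a `passwd` prompt for an account that does not exist, and `usermod -aG sudo`, while the configure_security hunk goes on to append that name to `AllowUsers` because it only tests `CREATE_ADDITIONAL_USER`. The validation in ask_additional_user does not cap the length, so an over-long name that passes the regex is one realistic way useradd can fail here; whether the script runs under `set -e` is not visible in this diff. I would make the failure explicit and clear the flag the later branches key off, e.g. `useradd -m -s /bin/bash "$ADDITIONAL_USER" || { warn "Failed to create user $ADDITIONAL_USER"; CREATE_ADDITIONAL_USER="no"; return 1; }`, so the AllowUsers, ssh-key and show_ssh_keys branches are skipped consistently. Separately, the `read -p` calls in ask_additional_user should use `read -r -p` so a backslash in the typed name is not interpreted. configure_security starts at the end of this hunk and continues outside it.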