I've been able to create a user on the remote server without a problem with the below command.
ssh -i /home/centos/dummy.pem centos#host_ip 'sudo useradd -s /bin/bash -m testuser'
If I try to create a user on a remote server with shell script, it is throwing the error, passing the host_user, host_ip, and new_user argument like
./test.sh "host_user" "host_ip" "new_user"
#!/bin/bash
#Remote server login user
echo host_user=$1
#Remote server hostname
host_name=$2
#user name
user_name=$3
#user public key
#pub_key=$4
ssh $host_user#$host_name -i /home/centos/dummy.pem 'sudo useradd -s /bin/bash -m $user_name'
Expected:
new user on a remote server.
Actual result:
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]
Options:
-b, --base-dir BASE_DIR base directory for the home directory of the
new account
-c, --comment COMMENT GECOS field of the new account
-d, --home-dir HOME_DIR home directory
And also tried with "-D" in the script but no luck.
Related
I need to execute this command on Linux server.
string command = $"sudo iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport {port} -j ACCEPT";
When I run the app in VirtulBox, the terminal asks me for a password.
Will this also happen on the server? I can't login to the server and don't know the password.
How can I run the command so that it does not ask for password?
Login to the terminal as root. Make a backup of your /etc/sudoers file.
# cp /etc/sudoers /root/sudoers.bak
Then edit this file by using the visudo command:
# visudo
Edit or append this line, replacing username with the user that will be running your script:
username ALL = NOPASSWD: /usr/sbin/iptables
Save and exit the file.
Test it by executing sudo, from your user account:
$ sudo iptables -V
Now your user can use sudo to execute the iptables command.
If you whant to do this from Linux machine:
You can writ a script with:
sshpass -p "PASSWORD" user#server
and give only execute premition.
I have a docker file where I have customized image myimage derived from some-debian-image (which derived from debian upstream.)
FROM some-debian-image myimge
USERNAME root:root
...........................
RUN chsh -s /bin/bash ${USERNAME}
docker build fails saying :
Password: chsh: PAM: Authentication failure
However, it does not fail with upstream
FROM bebain:bullseye myimage
USERNAME root:root
...........................
RUN chsh -s /bin/bash ${USERNAME}
Developers who have build the some-debian-image have done something add on with /etc/passwd , and it is having content
root:x:0:0:root:/root:/usr/sbin/nologin
May I please know how to successfully run this command :
RUN chsh -s /bin/bash ${USERNAME}
I am comparing docker images setup where it is working and where it is not working , and I found that:
The setup where the above command RUN chsh -s /bin/bash ${USERNAME} is working sudo su can be expected without any password
$ sudo su
#
In contrast in setup where I am facing issue ask for password when run the command sudo su
May I pleas know what changes I should do so that sudo su shall not ask for password?
I'm trying to get terraform to create users for me other than the specified admin and also add them to sudoers to allow my ansible scripts to then run without requiring a sudo login. Optionally, if I could just allow my admin to login and not require sudo passowrd that would work as well since I can add the users I need via ansible.
I have attempted the only option I could find with my feeble googling skills. The option is to add a provisioner to my azurerm_virtual_machine resource that runs the following via remote-exec:
provisioner "remote-exec" {
inline = [
"useradd myuser && echo myuser:password123 | /usr/sbin/chpasswd",
"chmod +w /etc/sudoers && echo \"myuser ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers && chmod -w /etc/sudoers",
]
connection {
user = "myadmin"
agent = false
}
on_failure = "continue"
}
It says that it has successfully run however when I ssh to one of the boxes I provisioned these changes have not taken place. What am I doing wrong?
you can try this script.
#!/bin/bash
set -euo pipefail
USERNAME=$1 # sudo non-root username here
# Create user and immediately expire password to force a change on login
useradd --create-home --shell "/bin/bash" --groups sudo "${USERNAME}"
passwd --delete "${USERNAME}"
chage --lastday 0 "${USERNAME}"
# Create SSH directory for sudo user and move keys over
home_directory="$(eval echo ~${USERNAME})"
mkdir --parents "${home_directory}/.ssh"
cp /root/.ssh/authorized_keys "${home_directory}/.ssh"
chmod 0700 "${home_directory}/.ssh"
chmod 0600 "${home_directory}/.ssh/authorized_keys"
chown --recursive "${USERNAME}":"${USERNAME}" "${home_directory}/.ssh"
# Disable root SSH login with password
sed --in-place 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
# if sshd -t -q; then systemctl restart sshd fi
I am using SSH command to execute the bash scripts remotely:
ssh user#server 'bash -s' < $script_dir/script.sh
And inside the script.sh, I will have the command like below:
ssh-keygen -t rsa
ssh-copy-id postgres#$sqlserver
ssh postgres#$sqlserver -C true
And also
printf "Creating user in postgresql server...\n"
createuser -s -P username
Which need user's input, but I found when I execute the command from the remote server, it will skip getting the users' input and failed.
Another one is:
printf "Please enter your barman server name: \n" ; read -s barmanserver
Which cannot read user's input neither
I know that the script seems cannot read the other terminal's input, but can anyone help me find a solution if I need the user input to continue?
Thanks a lot!!
Eva
I have used something like this in the past. I am not quite sure why I installed sshpass though.
apt-get install sshpass -y
echo "Adding users to new VMs"
adduser adminuser
echo "changing user password"
echo "adminuser:password" | chpasswd
adduser adminuser sudo
It does work, but it gives you some warning.
On my Ubuntu machine, I logged in as "olduser" and created "newuser" using the following command:
adduser --system --home /usr/share/newuser --no-create-home --ingroup newgroup --disabled-password --shell /bin/false newuser
This adds a new line:
newuser:x:104:1001::/usr/share/newuser:/bin/false
to my /etc/passwd file. But when I log into the machine as 'newuser', my home directory is set as /home/olduser.
echo $HOME
gives
/home/olduser
The same command mentioned above works as expected on a Debian machine but not on the Ubuntu machine.
Why could this be happening?
Edit
I tried changing the home directory using the command
usermod -m -d /usr/share/newuser newuser
This also didn't help.
Instead of changing the dir in /etc/passwd try usermod this way:
usermod -m -d /newhome/username username
Since you've already changed this file try logging out and in again.