bulk account creation using easyrsa build-client-full - bash

account creation
here's the image that I run this its only create 1 user at a time and manually entering PEM pass phrase and ca.key pass phrase. but what I want to achieve is import some csv file that contain username and password then import it then automatic create bulk user.
and here's my code trying to achieve it. but it gives me error saying easyrsa error
#!/bin/bash
read -p "Enter Passphase: " passphrase
while IFS=, read user pass;
do
(echo "$pass"; echo "$pass"; echo "$passphrase") | sudo docker-compose run --rm openvpn easyrsa build-client-full "$user"
sudo docker-compose run --rm openvpn ovpn_otp_user "$user"
sudo docker-compose run --rm openvpn ovpn_getclient "$user" > "$HOME/$user.ovpn"
done < accounts.csv
please help I'm new in bash scripting

Related

Running sudo via ssh on remote server

I am trying to write a deployment script which after copying the new release to the server should perform a few sudo commands on the remote machine.
#!/bin/bash
app=$1
echo "Deploying application $app"
echo "Copy file to server"
scp -pr $app-0.1-SNAPSHOT-jar-with-dependencies.jar nuc:/tmp/
echo "Execute deployment script"
ssh -tt stefan#nuc ARG1=$app 'bash -s' <<'ENDSSH'
# commands to run on remote host
echo Hello world
echo $ARG1
sudo ifconfig
exit
ENDSSH
The file gets copied correctly and the passed argument printed as well. But the prompt for the password shows for two seconds then it says "Sorry, try again" and the second prompt shows the text I enter in plain text (meaning not masked) but also does not work if I enter the password correctly.
stefan#X220:~$ ./deploy.sh photos
Deploying application photos
Copy file to server
photos-0.1-SNAPSHOT-jar-with-dependencies.jar 100% 14MB 75.0MB/s 00:00
Execute deployment script
# commands to run on remote host
echo Hello world
echo $ARG1
sudo ifconfig
exit
stefan#nuc:~$ # commands to run on remote host
stefan#nuc:~$ echo Hello world
Hello world
stefan#nuc:~$ echo $ARG1
photos
stefan#nuc:~$ sudo ifconfig
[sudo] password for stefan:
Sorry, try again.
[sudo] password for stefan: ksdlgfdkgdfg
I tried leaving out the -t flags for ssh as well as using -S for sudo which did not help. Any help is highly appreciated.
What I would do :
ssh stefan#nuc bash -s foobar <<'EOF'
echo "arg1 is $1"
echo "$HOSTNAME"
ifconfig
exit
EOF
Tested, work well.
Notes :
for the trick to work, use ssh key pair instead of using a password, it's even more secure
take care of the place of your bash -s argument. Check how I pass it
no need -tt at all
no need sudo to execute ifconfig and better use ip a
I came up with another solution: Create another file with the script to execute on the remote server. Then copy it using scp and in the calling script do a
ssh -t remoteserver sudo /tmp/deploy_remote.sh parameter1
This works as expected. Of course the separate file is not the most elegant solution, but -t and -tt did not work when inlining the script to execute on the remote machine.

Bash script failing [duplicate]

This question already has answers here:
write a shell script to ssh to a remote machine and execute commands
(10 answers)
Closed 9 years ago.
I'm writing a script which purpose is to connect to a number of servers and create an account. The "core" is:
ssh user#ip
sudo su -
useradd -m -p 123 $1
if [ $? -eq 0 ]; then
echo "$1 successfully created on ip."
fi
chage -d 0 $1
chown -R $1 /home/$1
exit #exit root
exit #exit the server
I have established a private-public key relationship between the servers in order to be able to perform the ssh without being prompted for the password, however, when I run the script it does the ssh but then doesn't perform the next commands on the target machine. Instead, when manually exiting from the target server, I see that those commands were executed (or better said, tried to be executed) on the local machine.
So there should be no asking password when run both ssh and sudo command
ssh user#ip bash -c "'
sudo su -
useradd -m -p 123 $1
if [ $? -eq 0 ]; then
echo "$1 successfully created on ip."
fi
chage -d 0 $1
chown -R $1 /home/$1
exit #exit root
exit #exit the server
'"
If you are planning to sudo why don't you just ssh as root: root#ip? Just do:
ssh root#ip 'command1; command2; command3'
In your case if you want to be sure they are all successfull in order to proceed:
ssh root#ip 'USER=someUser; useradd -m -p 123 $USER && chage -d 0 $USER && chown -R $USER /home/$USER'
EDIT:
If the root access is not alowed if would do the following:
Create the script with the commands you want to execute on the remote machine, for instance script.sh:
#!/bin/bash
USER=someUser
useradd -m -p 123 $USER && chage -d 0 $USER && chown -R $USER /home/$USER
Copy the script to the remote machine:
scp script.sh user#ip:/destination/dir
Invoke it remotely:
ssh user#ip 'sudo /destination/dir/script.sh'
EDIT2:
Other option without creating any files:
ssh user#ip "sudo bash -c 'USER=someUser && useradd -m -p 123 $USER && chage -d 0 $USER && chown -R $USER /home/$USER'"
It won't work this way. You shoudl do it like:
ssh user#ip 'yourcommands ; listed ; etc.' or
copy the script you want to execute on the servers via scp /your/scriptname user#ip:/tmp/ then execute it ssh user#ip 'sh /tmp/yourscriptname'
But you are starting another script when starting sudo.
Now you have (at least) two options:
ssh user#ip 'sudo -s -- "yourcommands ; listed ; etc."' or
copy the part after the sudo to a different script, then:
ssh user#ip 'sudo -s -- "sh differentscript"'`

Prompting for MySQLDump password in a bash script?

I'm trying to write a bash script that runs a mysqldump command that uses the -p flag. This flag prompts the user for a password, which works as expected when run in the shell directly, but does not appear when run in a script.
#!/usr/bin/env
ssh user#domain.com 'mysqldump -u mysqluser -p --databases foo | bzip2' > ~/temp/foo-dump.sql.bz2
Now I could embed the password in the script or pass it as an arguments, but I really want the script to prompt the user for the password so the password doesn't show up in my scripts repo or in my bash history.
Anyone have any idea on how to accomplish this?
This should do the trick:
read -p "mysql password: " PASS && ssh user#domain.com 'mysqldump -u mysqluser -p'$PASS' --databases foo | bzip2' > foo-dump.sql.bz2 ; PASS=""
In this case, you will first enter the mysql password, and then be prompted for the ssh password. Note that the mysql password will not be hidden, i.e., someone can read it over your shoulder. If you want to avoid that, use the flag -s
read -s -p "mysql password: " PASS && ...
Note also that there mustn't be any space between the "p" (in -p for password) and the quotation mark for the password variable.
Also, your shebang is not specifying which interpreter to use, which might be a problem. I'd suggest you use #!/bin/bash or #!/usr/bin/env bash.

How to execute chsh using a bash script I put up in github?

I have a gist that I always use to install the packages I need on a fresh server.
http://gist.github.com/4372049
All I need to do is to type the following in the fresh server via ssh
bash -c "$(curl -fsSL https://raw.github.com/gist/4372049)" <mysqlPassword>
I will be good to go.
Now I have this series of steps I always need to perform on a fresh installation of ubuntu.
first at root i did a
echo $SHELL
I saw that I have /bin/bash
then i switch to www-data
sudo su www-data
then i do a
echo $SHELL
I saw that I had
/bin/sh
instead.
So I did a
chsh -s /bin/bash
I was prompted for my www-data password so I gave it.
Password:
after that I switch back to root
exit
then i log back into www-data
sudo su www-data
I checked the $SHELL again
echo $SHELL
I saw that now it is
/bin/bash
listed here in https://askubuntu.com/a/232663/10591
Is there a way to write a bash script I can put up in gist.github.com to use in a similar way to execute?
if so, how do I write the bash script?
UPDATE:
I realized that I was given a vote to close this question because it was deemed too localized.
Let me rephrase this to
how do I write a bash script that I can put up in gist and use it in my linux console such that it can take in arguments for username and password and therefore execute the command
chsh -s /bin/bash
and supplying the password correctly?
This is my attempt: https://gist.github.com/simkimsia/5126919
the su worked, but not the chsh command
Update 2:
I have changed the script to be
EXPECTEDARGS=1
if [ $# -ne $EXPECTEDARGS -o "x$0" == "x" -o $0 == "bash" ]; then
echo "Usage:"
echo " Parameter 1: your username"
echo " Parameter 2: your password"
exit 1
fi
CHANGESHELL_FOR_USER=$0
PASSWORD_OF_USER=$1
########################################
## switch to another user
## read this https://stackoverflow.com/a/1988255/80353
########################################
sudo -u $CHANGESHELL_FOR_USER -H sh -c "chsh -s /bin/bash"
expect "*?assword:*" {send -- "$PASSWORD_OF_USER\r";}
expect eof
after reading how to use a shell script to supply a password when the interface asks for it
and
https://stackoverflow.com/a/1988255/80353
Now the problem is somehow sending the password when prompted for
Password:
As long as you are running the below command as root, you will be fine.
chsh -s /bin/bash <username>
in this case, it is
chsh -s /bin/bash www-data
See https://gist.github.com/simkimsia/4372049#file-installation-12-10-ubuntu-sh-L373

sudo and chpasswd on one line

I need connect to server via ssh and change users' passwords without typing ssh or sudo password.
I found some example but I cannot complete one command.
I found this command for ssh connection without typing password and running sudo command for delete user:
sshpass -p $admin_password ssh -t $admin#$server "echo $admin_password | sudo -S /usr/sbin/userdel -r $usr"
then I found command for change users password:
echo "$usr:$password" | sudo -S /usr/sbin/chpasswd;
Finaly, I want something like this:
sshpass -p $admin_password ssh -t $admin#$server "echo $admin_password | sudo -S echo "$usr:$password" | sudo -S /usr/sbin/chpasswd;"
Do you have any ideas?
Your question is actually going to require 2 things. The command to change a password remotely for a user:
ssh remoteserver 'echo -e "passwdofuser\npasswdofuser" | passwd username'
In order to do that you probably need to be root, or in the sudo config, have "passwd" NOT require a password for your user to run.
visudo
Edit the file:
Cmnd_Alias MYPASSWD = /usr/bin/passwd
yourusername ALL = NOPASSWD: MYPASSWD
That should allow you to ssh in and not have to use a password to run the passwd command.

Resources