Remote User Management Scripts

A powerful and secure bash script suite for managing user accounts on remote Linux servers via SSH. Automates user creation, SSH key management, sudo configuration, and user removal across multiple servers.

🚀 Features

Multi-User Support: Create or remove single users or teams with comma-separated lists
Smart SSH Key Generation: Automatically generates individual keys for single users or team keys for multiple users
Flexible Authentication: Use existing SSH keys or auto-generate RSA 4096-bit key pairs
Sudo Management: Configurable sudo access with optional passwordless sudo
Security First: Passwordless SSH authentication with automatic password locking
Error Handling: Comprehensive validation and error handling with colored output
Logging: Detailed operation logs with timestamps
Clean Architecture: Separated local and remote scripts for better maintainability

📋 Requirements

Bash 4.0+ on local machine
SSH access to target servers (preferably as root or with sudo privileges)
Target servers running Linux with standard user management tools
ssh-keygen available on local machine for key generation

🔧 Installation

Clone this repository:

git clone https://github.com/Elwimen/remote-user-management.git
cd remote-user-management

Make scripts executable:

chmod +x acc.sh acc_remote.sh

Configure your SSH config file (~/.ssh/config) with your servers:

Host myserver
    HostName your.server.ip
    User root
    IdentityFile ~/.ssh/your_private_key

📖 Usage

Basic Syntax

./acc.sh <ssh_config_server> <add/remove> <userName> [path_to_public_key] [HasSudo] [Passwordless]

Parameters

Parameter	Description	Required	Default
`ssh_config_server`	SSH server configured in `~/.ssh/config`	✅	-
`add/remove`	Action: create or delete users	✅	-
`userName`	Username or comma-separated list	✅	-
`path_to_public_key`	Path to SSH public key	❌	Auto-generate
`HasSudo`	Grant sudo privileges (true/false, yes/no)	❌	`true`
`Passwordless`	Enable passwordless SSH (true/false, yes/no)	❌	`true`

💡 Examples

Single User Management

# Add user with auto-generated SSH key
./acc.sh myserver add alice

# Add user with existing SSH key
./acc.sh myserver add bob ~/.ssh/bob.pub

# Add user without sudo privileges
./acc.sh myserver add charlie ~/.ssh/charlie.pub false true

# Remove a user
./acc.sh myserver remove alice

Team Management

# Add multiple users with shared team key
./acc.sh myserver add "alice,bob,charlie"

# Add team with existing key and no sudo
./acc.sh myserver add "dev1,dev2,dev3" ~/.ssh/team.pub false true

# Remove multiple users
./acc.sh myserver remove "alice,bob,charlie"

Advanced Examples

# Create admin users with sudo access
./acc.sh production add "admin1,admin2" ~/.ssh/admin_team.pub true true

# Create regular users without sudo
./acc.sh webserver add "user1,user2,user3" "" false true

# Mixed operations
./acc.sh myserver add john ~/.ssh/john.pub true false  # sudo with password
./acc.sh myserver remove "olduser1,olduser2"          # cleanup

🔐 SSH Key Management

Individual Keys (Single User)

When adding a single user without providing a key:

Creates: ./ssh_keys/username_rsa (private) and ./ssh_keys/username_rsa.pub (public)
Each user gets their own unique key pair

Team Keys (Multiple Users)

When adding multiple users without providing a key:

Creates: ./ssh_keys/team_user1_user2_user3_rsa (private/public)
All team members share the same SSH key

Key Distribution

# Generated keys are stored in ./ssh_keys/
ls -la ./ssh_keys/
# -rw------- alice_rsa                    # Private key for alice
# -rw-r--r-- alice_rsa.pub                # Public key for alice
# -rw------- team_bob_charlie_rsa         # Team private key
# -rw-r--r-- team_bob_charlie_rsa.pub     # Team public key

🛡️ Security Features

Username Validation: Enforces Linux username standards and prevents reserved names
Privilege Escalation: Automatic detection of root vs sudo requirements
Password Locking: Disables password authentication when using SSH keys
Secure Permissions: Proper file permissions (700 for .ssh, 600 for authorized_keys)
Cleanup: Automatic removal of temporary files and scripts
Error Handling: Fails securely with proper cleanup on errors

📁 File Structure

remote-user-management/
├── acc.sh              # Main script (runs locally)
├── acc_remote.sh       # Remote script (uploaded to servers)
├── README.md           # This file
├── ssh_keys/           # Generated SSH keys (created automatically)
│   ├── alice_rsa
│   ├── alice_rsa.pub
│   ├── team_bob_charlie_rsa
│   └── team_bob_charlie_rsa.pub
└── logs/               # Operation logs (in /tmp)

🔍 Logging and Debugging

Log Files

All operations are logged with timestamps:

# Logs are stored in /tmp/ with format:
/tmp/acc.sh_YYYYMMDD_HHMMSS.log

Verbose Output

The scripts provide colored, real-time feedback:

🟢 Green: Success messages and completion status
🟡 Yellow: Warnings and important information
🔵 Blue: Informational messages and summaries
🔴 Red: Errors and validation failures

Testing SSH Connection

# Test your SSH configuration before running scripts:
ssh myserver whoami  # Should return 'root' or sudo-enabled user

⚙️ Configuration Examples

SSH Config Setup

# ~/.ssh/config
Host production
    HostName 192.168.1.100
    User root
    IdentityFile ~/.ssh/production_key

Host staging  
    HostName staging.company.com
    User ubuntu
    IdentityFile ~/.ssh/staging_key

Host development
    HostName dev.local
    User admin
    IdentityFile ~/.ssh/dev_key

Sudoers Configuration

The script automatically creates sudoers files:

# /etc/sudoers.d/username
username ALL=(ALL) NOPASSWD:ALL          # Passwordless sudo
username ALL=(ALL:ALL) ALL               # Regular sudo (requires password)

🚨 Error Handling

Common Issues and Solutions

SSH Connection Failed

Error: Cannot connect to SSH server: myserver

Check your ~/.ssh/config configuration
Verify server is accessible: ping your.server.ip
Test SSH manually: ssh myserver

Permission Denied on Remote Server

useradd: Permission denied

Ensure SSH user has root access or sudo privileges
Update SSH config to connect as root: User root
Or ensure user has passwordless sudo configured

Remote Script Not Found

Error: Remote script not found: ./acc_remote.sh

Ensure both acc.sh and acc_remote.sh are in the same directory
Make sure acc_remote.sh is executable: chmod +x acc_remote.sh

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request. For major changes:

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

Development Guidelines

Follow bash best practices and shellcheck recommendations
Add appropriate error handling and logging
Test on multiple Linux distributions
Update documentation for new features

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

Built following Linux security best practices
Inspired by the need for secure, automated user management
Thanks to the bash and Linux communities for excellent documentation

📞 Support

If you encounter any issues or have questions:

Check the Issues page
Review the error handling section above
Create a new issue with:
- Your operating system and bash version
- Complete error message
- Steps to reproduce the issue
- Relevant log file contents

⚡ Quick Start:

git clone https://github.com/Elwimen/remote-user-management.git
cd remote-user-management
chmod +x *.sh
./acc.sh myserver add testuser

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.gitignore		.gitignore
README.md		README.md
acc.sh		acc.sh
acc_remote.sh		acc_remote.sh

Elwimen/ssh-user-provisioning

Folders and files

Latest commit

History

Repository files navigation