Misc: Adding/Enabling a Linux user via ssh public key w/ sudo that does not require a password.
Summary:
This is a very specific use case, but it is helpful when working w/ cloud instance VMs that don't make use of central auth. The following script essentially adds a user to Linux so that they can ssh into the system using their ssh public key and utilize sudo if granted. Running sudo as these users typically requires that a password be set. In this case, we are not setting a password on the account, as this script circumvents the need for users to provide a password.
Details:
Effectively, the script works like so:
- An existing sudoer/root/admin must run this script.
- You provide a username and the user's ssh public key.
- Set sudoer to true or false (or anything other than true, really).
- customsudofile path defaults to /etc/sudoers.d/nopasswd
  - Essentially, anything in the sudoers.d path is ingested by the sudoers file as an override.
- customsudodata is what you want to insert into the custom sudo file.
  - Default is set to allow sudo members to invoke sudo w/o a password.
- Set nopasswdallow to true to insert the custom sudo file.
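
An added example (not the author's script) of the flow listed above, in POSIX shell. It reuses the names sudoer, customsudofile, customsudodata and nopasswdallow from the post; the function names, the username/sshpubkey arguments, the `sudo` group and the default sudoers line are assumptions.

```shell
#!/bin/sh
# Added example, not the original script. As root: ./adduser.sh <username> '<ssh public key>'
# sudoer/customsudofile/customsudodata/nopasswdallow are the post's names; the rest is assumed.
sudoer="${sudoer:-false}"
nopasswdallow="${nopasswdallow:-false}"
customsudofile="${customsudofile:-/etc/sudoers.d/nopasswd}"
customsudodata="${customsudodata:-%sudo ALL=(ALL:ALL) NOPASSWD: ALL}"
nl='
'
# Conservative login-name check; rejects embedded newlines, spaces and uppercase.
valid_username() {
  case "$1" in *"$nl"*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}
# Exactly one key line: known type, base64 blob, optional comment, no options prefix.
valid_pubkey() {
  case "$1" in *"$nl"*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq \
    '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}
# install_key <home> <pubkey>: directory and file modes that sshd's StrictModes accepts.
install_key() {
  install -d -m 700 "$1/.ssh" &&
    printf '%s\n' "$2" >> "$1/.ssh/authorized_keys" &&
    chmod 600 "$1/.ssh/authorized_keys"
}
# Syntax-check the fragment with visudo before installing it; a broken
# file under sudoers.d can break sudo for every user on the host.
install_sudo_file() {
  tmp="$(mktemp)" || return 1
  printf '%s\n' "$customsudodata" > "$tmp"
  visudo -cf "$tmp" >/dev/null && install -o root -g root -m 0440 "$tmp" "$customsudofile"
  rc=$?; rm -f "$tmp"; return "$rc"
}

main() {
  username="$1"; sshpubkey="$2"
  [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
  valid_username "$username" || { echo "bad username" >&2; return 1; }
  valid_pubkey "$sshpubkey" || { echo "bad public key" >&2; return 1; }
  useradd -m -s /bin/bash "$username" || return 1   # no password is ever set
  home="$(getent passwd "$username" | cut -d: -f6)"
  install_key "$home" "$sshpubkey" || return 1
  chown -R "$username:" "$home/.ssh" || return 1
  if [ "$sudoer" = "true" ]; then usermod -aG sudo "$username" || return 1; fi
  if [ "$nopasswdallow" = "true" ]; then install_sudo_file || return 1; fi
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Because the default customsudodata line applies to the whole group, installing it removes the password prompt for every existing member of that group, not only the user just added.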
Disclaimer:
This really should go without saying, but this type of setup is a security/operational nightmare. Do yourself a favor and ALWAYS use central auth or some kind of managed identity solution. I only put this out there because I find an occasional need to do something quick and dirty to empower others. ALWAYS follow up and destroy it or set up a proper solution.