Home / ubuntu / Questions / 638889
Accepted
D.Zou
Asked: 2015-06-21 10:05:17 +0800 CST

how to create users on the fly

  • 772

This is just a bad idea that I just had.

Is there a way create users accounts on the fly?

Say I have a Ubuntu vm created, and I want to give a bunch of people access. But for whatever reason I don't particularly care about what they do with it.

How can I set it up that when user A ssh into the vm the user's account will automatically be created?

and yes, I know in theory, I could just create a guest account and share that with the people that need access. but then a bunch of people will be sharing the account and I also want to log what everybody did so having them on the same account would make it very difficult.

and yes, this is a very bad idea.

ssh

2 Answers

  1. Best Answer

    I like a challenge. Yes you can do this, if you are willing to let the first ssh fail. The following script (which I actually tested) tails the sshd log, which by default (on my system) produces lines like this on a failed ssh login:

    Jun 20 21:06:35 home sshd[18163]: Invalid user dummy from ::1

    When such a line is matched, the user id (dummy in this example) is extracted and a user account is created with a encrypted password which is the same as the user id (dummy). A second attempt to login will now work.

    # encrypt a cleartext password given as arg
cryptpw(){
        perl -e '
        my $pw = "'"$1"'";
        my $salt = join("",("a".."z")[rand 26,rand 26]);
        printf "%s\n", crypt($pw,$salt);'
}

sudo journalctl --no-pager -lfu sshd | 
while read line
do    if [[ "$line" =~ "Invalid user "([^ ]*) ]]
      then  newuser=${BASH_REMATCH[1]}
            pw=$(cryptpw "$newuser")
            sudo useradd "$newuser" -p "$pw"
      fi
done

    The user might like to then copy their key to the remote:

    ssh-copy-id dummy@host

    If they dont have a key yet, first do:

    ssh-keygen -t rsa -f ~/.ssh/id_rsa -q -N ''
    • 1

  2. Using python:

    #!/usr/bin/env python2
import re, crypt, subprocess

with open('/var/log/auth.log') as logfile, open('/etc/passwd') as passfile:
    given_usernames = []
    for line in logfile:
        name = re.search(r'(?<= Invalid user ).*?(?= from)', line)
        if name:
            given_usernames.append(name.group())

    current_usernames = []
    for line in passfile:
         current_usernames.append(re.search(r'^[^:]+', line).group())

    for i in given_usernames:
        if i not in current_usernames:
            password = crypt.crypt(i + str(123), 'foobar12')
            subprocess.call('sudo useradd -m -p {0} {1}'.format(password, i).split())

    • When a user try to login into a computer via ssh who does not have an existing account will be denied to login and this incident will be recorded in the /var/log/auth.log file having a line e.g.:

      Jun 21 01:11:03 my_hostname sshd[17763]: Invalid user foobar from 192.168.4.2

    • we will exploit this line to extract the username provided to create an account for that user so that from next time the user can login without any problem

    • We have used the password as the username given plus 123 (the salt is foobar12) i.e. if a username is spamegg the password will be spamegg123. You can change it and the salt to any value you want and of course the user must change the password after login for the first time

    • In this approach all the usernames from the /var/log/auth.log file are taken into a list and similarly all usernames from /etc/passwd are also taken in a list.

    • Then we have checked if the entered username exists already, if not then the user is created with the password mentioned earlier.

    • You can run it as a cron job to make sure the usernames get added automatically.

    • 0