bash add_user - aragorn/home GitHub Wiki

개요

  • λ¬Έμ„œ/μ†ŒμŠ€μ½”λ“œ μ΅œμ’… μˆ˜μ • : 2012-03-04, κΉ€μ •κ²Έ
  • λ¦¬λˆ…μŠ€μ—μ„œ μ‹œμŠ€ν…œ 계정을 μΆ”κ°€λ‘œ μƒμ„±ν•˜λŠ” μŠ€ν¬λ¦½νŠΈμ΄λ‹€. νšŒμ‚¬μ—μ„œ μ“°λŠ” 관둀에 따라 /data1/ 디렉토리 μ•„λž˜μ— ν™ˆλ””λ ‰ν† λ¦¬λ₯Ό μƒμ„±ν•˜κ³ , /data[n]/ 디렉토리에 데이터 μ €μž₯용 디렉토리듀을 λͺ¨λ‘ μƒμ„±ν•œλ‹€.
  • ssh 접속을 μœ„ν•œ rsa keyλ₯Ό μƒμ„±ν•˜λŠ” μ˜΅μ…˜μ„ μ œκ³΅ν•˜μ—¬, .ssh/id_rsa, id_rsa.pub νŒŒμΌμ„ μƒμ„±ν•œλ‹€.
  • .ssh/authorized_keys νŒŒμΌμ—λŠ” μžμ‹ μ˜ .ssh/id_rsa.pub νŒŒμΌμ„ 기본적으둜 항상 μΆ”κ°€ν•˜κ²Œ λœλ‹€. μ΄λ•Œ, 쀑볡 μ—¬λΆ€ κ²€μ‚¬ν•΄μ„œ, ν•„μš”ν•œ κ²½μš°μ—λ§Œ μΆ”κ°€ν•œλ‹€.
  • .ssh/known_hosts νŒŒμΌλ„ μ˜΅μ…˜μœΌλ‘œ μžλ™ μƒμ„±ν•œλ‹€. /etc/hosts νŒŒμΌμ— λ“±λ‘λœ λͺ¨λ“  host 에 λŒ€ν•΄μ„œ known_hosts νŒŒμΌμ„ μƒμ„±ν•œλ‹€.
  • λ©±λ“±μ„±(idempotence)λ₯Ό 갖도둝 κ΅¬ν˜„ν•˜μ˜€λŠ”λ°, 아직 μΆ©λΆ„νžˆ ν…ŒμŠ€νŠΈν•΄λ³΄μ§€λŠ” λͺ»ν•˜μ˜€λ‹€. μ†μœΌλ‘œ ν…ŒμŠ€νŠΈν•΄ λ³Έ λͺ‡λͺ‡ μΌ€μ΄μŠ€μ— λŒ€ν•΄μ„œλŠ” bug fixλ₯Ό ν–ˆλŠ”λ°, λ‹€λ₯Έ 뢄듀이 써 λ³΄μ‹œκ³  feedback μ£Όμ‹œλ©΄ μ’‹κ² λ‹€.
  • RHEL5 μ—μ„œ 주둜 μ‚¬μš©ν–ˆκΈ° λ•Œλ¬Έμ—, λ‹€λ₯Έ λ¦¬λˆ…μŠ€ λ°°ν¬λ³Έμ—μ„œλŠ” ν…ŒμŠ€νŠΈκ°€ 더 ν•„μš”ν•  수 μžˆλ‹€.
  • 비밀번호 지정할 때에는 openssl 명령을 이용하면 편리하다. 암호화된 비밀번호 문자열을 생성할 때 유용하다. 자세한 건 openssl(1) man page 참조하면 된다.

주의할 점

--dry-run 옵션은 작동하지 않는다. 구현되지 않은 기능이다.

사용법

  • 계정 μƒμ„±ν•˜κΈ° - λΉ„λ°€λ²ˆν˜ΈλŠ” κΈ°λ³Έ κ°’ (μ†ŒμŠ€μ½”λ“œ λ‚΄ μ•”ν˜Έν™”λœ λΉ„λ°€λ²ˆν˜Έλ₯Ό κ³ μ³μ„œ μ‚¬μš©ν•˜μ„Έμš”)
    add_user username
  • λΉ„λ°€λ²ˆν˜Έ μž„μ˜λ‘œ μ§€μ •ν•˜κΈ°
    add_user username $(openssl passwd -1 'λΉ„λ°€λ²ˆν˜Έ')
  • known_hosts 파일 μƒμ„±ν•˜κΈ° (κΈ°λ³Έ λΉ„λ°€λ²ˆν˜Έλ‘œ μ΄ˆκΈ°ν™”λ¨)
    add_user --known-hosts username
  • ssh rsa key μƒμ„±ν•˜κΈ° (κΈ°λ³Έ λΉ„λ°€λ²ˆν˜Έλ‘œ μ΄ˆκΈ°ν™”λ¨)
    add_user --rsa-key username
  • λΉ„λ°€λ²ˆν˜Έ μ§€μ •ν•˜λ©΄μ„œ known_hosts μƒμ„±ν•˜κ³  rsa key μƒμ„±ν•˜κΈ°
    add_user --known-hosts --rsa-key username $(openssl passwd -1 'λΉ„λ°€λ²ˆν˜Έ')
  • μƒμ„Έν•œ μž‘μ—… ν˜„ν™© ν™•μΈν•˜κΈ° : -v μ˜΅μ…˜ μΆ”κ°€
    add_user -v --known-hosts --rsa-key username $(openssl passwd -1 'λΉ„λ°€λ²ˆν˜Έ')
  • μ‚¬μš©λ²• μš”μ•½

Usage: add_user [--known-hosts] [--rsa-key] [-v] [-v] [--dry-run] [-h] [--help] username <encrypted password>
 username            login username to create account of
 encrypted password  encrypted password of account

 Options -
      --known-hosts  generates .ssh/known_hosts from /etc/hosts
      --rsa-key      generates .ssh/id_rsa
  -v                 enables verbose mode 1
  -v -v              enables verbose mode 2
      --dry-run      shows what would have been done
  -h, --help         shows this help message


## μ—¬λŸ¬ μ„œλ²„μ—μ„œ 계정을 μƒμ„±ν•˜κΈ°

μ—¬λŸ¬ μ„œλ²„μ—μ„œ λ™μΌν•œ 계정을 일괄 μƒμ„±ν•˜λ €λŠ” 경우, λ‹€μŒκ³Ό 같은 방식을 μ‚¬μš©ν•  수 μžˆλ‹€.

### 첫번째 μ„œλ²„μ˜ root κ³„μ •μ—μ„œ λ‚˜λ¨Έμ§€ μ„œλ²„λ‘œ λΉ„λ°€λ²ˆν˜Έ 없이 접속 κ°€λŠ₯ν•œ ν™˜κ²½μ„ κ΅¬μ„±ν•œλ‹€.

#### 첫번째 μ„œλ²„μ˜ root κ³„μ •μ—μ„œ, ssh 연결을 μœ„ν•œ rsa keyλ₯Ό μƒμ„±ν•œλ‹€.

[root@hostname ~] ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa Generating public/private rsa key pair. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 5f:92:e9:f1:9f:f7:5a:dc:8e:da:ea:66:a8:1b:34:1c root@hostname [root@hostname ~]

 
#### .ssh/known_hosts νŒŒμΌμ„ μ€€λΉ„ν•œλ‹€.

##### /etc/hosts μ—μ„œ host이름, ipμ£Όμ†Œλ₯Ό μΆ”μΆœν•˜κΈ° μœ„ν•œ awk λͺ…령을 μ€€λΉ„ν•œλ‹€.

μ•„λž˜ AWK_KNOWN_HOSTS=... λΆ€λΆ„μ—μ„œ END) λΆ€λΆ„κΉŒμ§€λ₯Ό copy & paste둜 λΆ™μ—¬λ„£κΈ° ν•˜λ©΄ λœλ‹€. 이후 `echo ${AWK_KNOWN_HOSTS}` λͺ…λ ΉμœΌλ‘œ μ •μƒμ μœΌλ‘œ μž…λ ₯λ˜μ—ˆλŠ”μ§€ ν™•μΈν•œλ‹€.

[root@hostname ~] AWK_KNOWN_HOSTS=$(cat <<-'END' { ip_addr=$1; if ( NF == 3 ) { hostname=$3; } else if ( NF == 2 ) { hostname=$2; } else { hostname="unknown"; } print hostname "," ip_addr; } END) [root@hostname ~] echo ${AWK_KNOWN_HOSTS} { ip_addr=$1; if ( NF == 3 ) { hostname=$3; } else if ( NF == 2 ) { hostname=$2; } else { hostname="unknown"; } print hostname "," ip_addr; } [root@hostname ~]


##### /etc/hosts 의 각 ν˜ΈμŠ€νŠΈμ— λŒ€ν•΄ ssh-keyscan(1) λͺ…령을 μ‹€ν–‰ν•˜κ³ , κ·Έ κ²°κ³Όλ₯Ό .ssh/known_hosts 둜 μ €μž₯ν•œλ‹€.

μ•„λž˜ λͺ…λ Ήμ—μ„œ > ~/.ssh/known_hosts μ€„κΉŒμ§€λ§Œ μž…λ ₯ν•˜λ©΄, λͺ…령이 μ‹€ν–‰λ˜λ©΄μ„œ 각 ν˜ΈμŠ€νŠΈλ³„λ‘œ sshd version을 ν™•μΈν•˜λŠ” λ©”μ‹œμ§€κ°€ 좜λ ₯λœλ‹€.

[root@hostname ~] sed -e '/^\s*#/d' -e '/^$/d' /etc/hosts \
| gawk "${AWK_KNOWN_HOSTS}" \
| ssh-keyscan -t rsa -f - \
> ~/.ssh/known_hosts

host1-blah SSH-2.0-OpenSSH_4.3

host1-blah SSH-2.0-OpenSSH_4.3

host1-blah SSH-2.0-OpenSSH_4.3

host1-blah SSH-2.0-OpenSSH_4.3

host1-blah SSH-2.0-OpenSSH_4.3

[root@hostname ~]

 
* 참고사항  
  known_hosts νŒŒμΌμ„ ~/.ssh/known_hosts 에 μ €μž₯해도 λ˜μ§€λ§Œ, system-wide ν•˜κ²Œ μ‚¬μš©ν•  수 μžˆλ„λ‘, /etc/ssh/ssh_known_hosts νŒŒμΌμ— μ €μž₯ν•˜μ—¬λ„ λœλ‹€.

#### 전체 μ„œλ²„ 리슀트λ₯Ό μ€€λΉ„ν•œλ‹€.

##### /etc/hosts μ—μ„œ host이름을 μΆ”μΆœν•˜κΈ° μœ„ν•œ awk λͺ…령을 μ€€λΉ„ν•œλ‹€.

μ•„λž˜ AWK_HOSTS=... λΆ€λΆ„μ—μ„œ END) λΆ€λΆ„κΉŒμ§€λ₯Ό copy & paste둜 λΆ™μ—¬λ„£κΈ° ν•˜λ©΄ λœλ‹€. 이후 `echo ${AWK_HOSTS}` λͺ…λ ΉμœΌλ‘œ μ •μƒμ μœΌλ‘œ μž…λ ₯λ˜μ—ˆλŠ”μ§€ ν™•μΈν•œλ‹€.

[root@hostname ~] AWK_HOSTS=$(cat <<-'END' { ip_addr=$1; if ( NF == 3 ) { hostname=$3; } else if ( NF == 2 ) { hostname=$2; } else { hostname="unknown"; } print hostname; } END) [root@hostname ~] echo ${AWK_HOSTS} { ip_addr=$1; if ( NF == 3 ) { hostname=$3; } else if ( NF == 2 ) { hostname=$2; } else { hostname="unknown"; } print hostname; } [root@hostname ~]


##### /etc/hosts μ—μ„œ hostμ΄λ¦„λ§Œ μΆ”μΆœν•˜μ—¬ μ λ‹Ήν•œ μ΄λ¦„μ˜ 파일둜 μ €μž₯ν•œλ‹€.

[root@hostname ~] sed -e '/^\s*#/d' -e '/^$/d' /etc/hosts \
| gawk "${AWK_HOSTS}" > list.txt
[root@hostname ~]


#### 첫번째 μ„œλ²„μ—μ„œ λ‚˜λ¨Έμ§€ λͺ¨λ“  μ„œλ²„λ‘œ ssh-copy-id λͺ…령을 μ‹€ν–‰ν•œλ‹€.

##### μ—¬λŸ¬ ν˜ΈμŠ€νŠΈμ— λŒ€ν•΄ ssh-copy-id λͺ…령을 μ‹€ν–‰ν•œλ‹€.

λͺ…령을 μž…λ ₯ν•˜λ©΄, 각 호슀트의 root λΉ„λ°€λ²ˆν˜Έλ₯Ό 반볡적으둜 λ¬Όμ–΄λ³΄κ²Œ λœλ‹€. λΉ„λ°€λ²ˆν˜Έλ₯Ό λ°˜λ³΅ν•˜μ—¬ μž…λ ₯ν•˜λ©΄ λœλ‹€. copy & paste둜 반볡적으둜 μž…λ ₯ν•˜λ©΄ νŽΈλ¦¬ν•˜λ‹€.

[root@hostname ~] cat list.txt | xargs -I {} ssh-copy-id -i ~/.ssh/id_rsa {} root@localhost's password: Now try logging into the machine, with "ssh 'localhost'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

0 root@hostname-blah's password: Now try logging into the machine, with "ssh 'hostname-blah'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

0 ... μ€‘λž΅ ... root@hostname-blah's password: Now try logging into the machine, with "ssh 'hostname-blah'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@hostname ~]

 
##### root κ³„μ •μ—μ„œ λΉ„λ°€λ²ˆν˜Έ 없이 μ—¬λŸ¬ μ„œλ²„λ‘œ ssh μ—°κ²°λ˜λŠ”μ§€ 확인해 λ³Έλ‹€.

### 각 μ„œλ²„μ— add_user 슀크립트λ₯Ό 일괄 μ„€μΉ˜ν•œλ‹€.

[root@hostname ~] mkdir bin [root@hostname ~] curl -u ssdbuilder:ssdbuilder http://source.daumcorp.com/private/aragorn/trunk/setup/add_user > bin/add_user % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 5330 100 5330 0 0 34264 0 --:--:-- --:--:-- --:--:-- 1297k [root@hostname ~] chmod 755 bin/add_user [root@hostname ~] cat list.txt | xargs -I {} rsync -a bin/add_user {}:bin/ [root@hostname ~]


### 각 μ„œλ²„μ—μ„œ μ›ν•˜λŠ” 계정을 일괄 μƒμ„±ν•œλ‹€.

[root@hostname ~] cat list.txt | xargs -I {} ssh {} bin/add_user foobaruser [root@hostname ~]


### 첫번째 μ„œλ²„ κ³„μ •μ—μ„œ rsa key, authorized_keys νŒŒμΌμ„ μƒμ„±ν•œ 이후, 각 μ„œλ²„μ˜ ν•΄λ‹Ή κ³„μ •μœΌλ‘œ λ³΅μ‚¬ν•œλ‹€.

[root@hostname ~] cat list.txt | xargs -I {} ssh {} ls -l /data1/foobaruser/.ssh ls: /data1/foobaruser/.ssh: 그런 νŒŒμΌμ΄λ‚˜ 디렉토리가 μ—†μŒ ls: /data1/foobaruser/.ssh: No such file or directory ls: /data1/foobaruser/.ssh: No such file or directory ...μ€‘λž΅... [root@hostname ~] bin/add_user --known-hosts --rsa-key foobaruser [root@hostname ~] cat list.txt | xargs -I {} rsync -a /data1/foobaruser/.ssh {}:/data1/foobaruser/ [root@hostname ~] cat list.txt | xargs -I {} ssh {} ls -l /data1/foobaruser/.ssh 합계 20 -rw------- 1 foobaruser users 408 3μ›” 4 15:23 authorized_keys -rw------- 1 foobaruser users 1675 3μ›” 4 15:23 id_rsa -rw-r--r-- 1 foobaruser users 408 3μ›” 4 15:23 id_rsa.pub -rw-r--r-- 1 foobaruser users 4516 3μ›” 4 15:23 known_hosts total 20 -rw------- 1 foobaruser users 408 Mar 4 15:23 authorized_keys -rw------- 1 foobaruser users 1675 Mar 4 15:23 id_rsa -rw-r--r-- 1 foobaruser users 408 Mar 4 15:23 id_rsa.pub -rw-r--r-- 1 foobaruser users 4516 Mar 4 15:23 known_hosts ...μ€‘λž΅... [root@hostname ~]

 
### 각 μ„œλ²„μ˜ ν•΄λ‹Ή κ³„μ •μ—μ„œ λΉ„λ°€λ²ˆν˜Έ 없이 λ‹€λ₯Έ μ„œλ²„λ‘œ μ—°κ²°λ˜λŠ”μ§€ ν™•μΈν•œλ‹€.

## 소스코드

add_user
```bash
#!/bin/bash
 
# Strict mode: an unhandled command failure aborts the run (errexit) and
# expanding an unset variable is an error (nounset).
set -o errexit -o nounset

# VERBOSE_MODE counts how many -v flags were given (0 = quiet).
# VERBOSE is the flag string forwarded to ssh-keyscan ('' = none).
VERBOSE=''
VERBOSE_MODE=0
 
# Terminate the script with the given status; installed as the ERR trap.
# Arguments: $1 - exit status to use (optional, defaults to 1)
# Globals:   VERBOSE_MODE (read)
# Outputs:   in verbose mode, the call site reported by `caller 0` on stdout
function error_handler()
{
  local rc=${1:-1}
  if [ ${VERBOSE_MODE} == 0 ]; then
    # Quiet mode: leave without any diagnostic.
    exit ${rc}
  fi
  echo "Exits abnormally at line "$(caller 0)
  exit ${rc}
}
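# Route every unhandled command failure (ERR) through error_handler.
trap "error_handler" ERR

# Script name used in the usage text and as getopt's program name.
# Parameter expansion replaces the unquoted `basename ${BASH_SOURCE}`, which
# mis-parsed a script path containing whitespace (the second word was taken
# as basename's suffix argument).
PROGNAME=${BASH_SOURCE[0]##*/}

# Option flags; each is switched to 1 by the matching command-line option.
DRY_RUN_MODE=0           # --dry-run (parsed only; nothing in the visible script reads it)
GENERATE_KNOWN_HOSTS=0   # --known-hosts
GENERATE_RSA_KEY=0       # --rsa-key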
 
# Print the command-line synopsis to stdout, then terminate the script.
# Arguments: $1 - exit status (an empty value falls back to 0)
# Globals:   PROGNAME (read)
function print_usage_and_exit()
{
  local rc=$1
  # One printf call emits the whole help text, one argument per output line.
  printf '%s\n' \
    "Usage: ${PROGNAME} [--known-hosts] [--rsa-key] [-v] [-v] [--dry-run] [-h] [--help] username <encrypted password>" \
    " username            login username to create account of" \
    " encrypted password  encrypted password of account" \
    "" \
    " Options -" \
    "      --known-hosts  generates .ssh/known_hosts from /etc/hosts" \
    "      --rsa-key      generates .ssh/id_rsa" \
    "  -v                 enables verbose mode 1" \
    "  -v -v              enables verbose mode 2" \
    "      --dry-run      shows what would have been done" \
    "  -h, --help         shows this help message"
  exit ${rc:-0}
}
 
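# Print a diagnostic message to stdout when verbose mode is enabled.
# Arguments: $@ - message words, joined with single spaces
# Globals:   VERBOSE_MODE (read)
function debug()
{
  if [ "$VERBOSE_MODE" != 0 ]; then
    # Quoted "$*" keeps the message literal. The former unquoted `echo $@`
    # glob-expanded and re-split the text, and treated a leading -n/-e as an
    # echo option.
    printf '%s\n' "$*"
  fi
}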
 
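# Normalise the command line with getopt(1). The call sits inside the `if`
# so that, under errexit, a parse failure reaches the usage message; as a
# bare assignment the failure aborted the script before `$?` was checked.
if ! GETOPT=$(getopt -o vh --long known-hosts,rsa-key,dry-run,help -n "${PROGNAME}" -- "$@"); then
  print_usage_and_exit 1
fi

# getopt prints a shell-quoted argument list; `eval set --` re-parses that
# quoting into the positional parameters. The long-option syntax used above
# needs the enhanced (util-linux) getopt.
eval set -- "${GETOPT}"

while true
do case "$1" in
     --known-hosts) GENERATE_KNOWN_HOSTS=1; shift;;
     --rsa-key)     GENERATE_RSA_KEY=1; shift;;
     # The `;` after the assignment matters: `VERBOSE="-v" shift` set VERBOSE
     # only for the duration of the shift builtin (bash's default mode), so
     # the flag never reached ssh-keyscan.
     -v)            VERBOSE_MODE=$(( VERBOSE_MODE + 1 )); VERBOSE="-v"; shift;;
     --dry-run)     DRY_RUN_MODE=1; shift;;
     -h|--help)     print_usage_and_exit 0;;
     --)            shift; break;;
     *) echo "Internal error!"; exit 1;;
   esac
done

# Two or more -v flags turn on command tracing.
# NOTE(security): the trace prints every expanded command line, including the
# password hash handed to useradd/usermod, so keep `-v -v` output out of
# shared logs and terminals.
if (( VERBOSE_MODE > 1 )); then
  set -x
fi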
 
 
# template area is ended.
# -----------------------------------------------------------------------------
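if [ "$#" -eq 0 ]; then print_usage_and_exit 1; fi

# Fallback password hash, used when no second argument is given.
# NOTE(security): every account created without an explicit hash shares this
# one password, and the hash is published together with the script. The `$1$`
# prefix marks MD5-crypt, a legacy scheme that is cheap to brute-force.
# Replace this value before use and prefer passing a per-account hash.
DEFAULT_PASSWD='$1$ojDY/m1G$m2pSKWobHPoeaGPrKcx/70'
HOSTNAME=$(hostname)

USERNAME=$1
ENCRYPTED_PASSWD=${2:-${DEFAULT_PASSWD}}

debug "USERNAME=${USERNAME}"
# NOTE(security): in verbose mode this line writes the password hash to stdout.
debug "ENCRYPTED_PASSWD=${ENCRYPTED_PASSWD}"

# USERNAME is later embedded in paths that root creates, deletes and chowns,
# and in a sed expression, so it is restricted to alphanumerics here.
# The patterns live in variables and are expanded unquoted on the right of
# `=~`: a quoted pattern is compared as a literal string by bash 3.2+, which
# made the original checks match nothing. The `[[ ... ]]` tests on this page
# had also been mangled into wiki-link markup and are restored here.
NON_ALNUM_RE='[^[:alnum:]]'
WHITESPACE_RE='[[:space:]]'

if [ -z "${USERNAME}" ]; then
  echo "Invalid username which is empty."
  print_usage_and_exit 1
fi

if [[ "${USERNAME}" =~ ${NON_ALNUM_RE} ]]; then
  echo "Invalid username which has non-alphanumeric."
  print_usage_and_exit 1
fi

if [[ "${USERNAME}" =~ ${WHITESPACE_RE} ]]; then
  echo "Invalid username which has whitespace(s)."
  print_usage_and_exit 1
fi
if [[ "${ENCRYPTED_PASSWD}" =~ ${WHITESPACE_RE} ]]; then
  echo "Invalid encrypted password which has whitespace(s)."
  print_usage_and_exit 1
fi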
 
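# Create the account, or re-apply group, home directory and password when it
# already exists. (The test on this page had been mangled into wiki-link
# markup; it is restored as a direct check of id's exit status.)
# NOTE(security): -p places the password hash on the useradd/usermod command
# line, where other local users can read it from the process list while the
# command runs.
if ! id "${USERNAME}" >/dev/null 2>&1; then
  debug "${USERNAME} does not exist."
  /usr/sbin/useradd -g users -d "/data1/${USERNAME}" -m -p "${ENCRYPTED_PASSWD}" "${USERNAME}"
else
  debug "${USERNAME} already exists."
  /usr/sbin/usermod -g users -d "/data1/${USERNAME}" -m -p "${ENCRYPTED_PASSWD}" "${USERNAME}"
fi

# Give the account a directory under every /data<n> volume.
for DATADIR in /data?
do
  # An unmatched glob stays as the literal string "/data?"; skip it instead of
  # creating a directory with that name.
  [ -d "${DATADIR}" ] || continue

  if [ -d "${DATADIR}/${USERNAME}" ]
  then
    debug "${DATADIR}/${USERNAME} already exists."
  else
    install -d -o "${USERNAME}" -g users -m 755 "${DATADIR}/${USERNAME}"
  fi
done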
 
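# --known-hosts: build .ssh/known_hosts from the hosts listed in /etc/hosts.
# NOTE(security): ssh-keyscan records whatever key each address presents at
# scan time and does not authenticate the host. Compare the collected
# fingerprints with values obtained out-of-band before relying on this file.
if [ "${GENERATE_KNOWN_HOSTS}" == 1 ]
then
  # awk program: turn each /etc/hosts line into "hostname,ip" for
  # `ssh-keyscan -f`. Three fields -> the third is the hostname, two fields ->
  # the second, any other field count -> the literal "unknown".
  # A plain single-quoted string replaces the `$(cat <<-'END' ... END)` form,
  # whose `END)` terminator is not a valid here-document delimiter line.
  AWK_CMD='
    {
      ip_addr=$1;
      if ( NF == 3 ) { hostname=$3; } else
      if ( NF == 2 ) { hostname=$2; } else
                     { hostname="unknown"; }
      print hostname "," ip_addr;
    }'
  KNOWN_HOSTS_FILE="/data1/${USERNAME}/.ssh/known_hosts"

  install -d -o "${USERNAME}" -g users -m 700 "/data1/${USERNAME}/.ssh"
  touch "${KNOWN_HOSTS_FILE}"
  chmod 644 "${KNOWN_HOSTS_FILE}"
  chown "${USERNAME}:users" "${KNOWN_HOSTS_FILE}"

  # fd 3 is the stderr sink for the scan only: /dev/null unless verbose mode
  # is on. The script's own stderr is never replaced, so a failure below
  # cannot leave it silenced.
  if [ "${VERBOSE_MODE}" == 0 ]
  then
    exec 3>/dev/null
  else
    exec 3>&2
  fi

  # ${VERBOSE} is deliberately unquoted: when empty it must expand to no
  # argument at all. A scan error is tolerated; whatever was collected is used.
  SCANNED_KEYS=$(
    {
      sed -e '/^\s*#/d' -e '/^$/d' /etc/hosts \
      | gawk "${AWK_CMD}" \
      | ssh-keyscan ${VERBOSE} -t rsa -f -
    } 2>&3
  ) || debug "ssh-keyscan reported an error; continuing with the keys collected."
  exec 3>&-

  # Append only lines that are not in the file yet. The former
  # `comm -23 - known_hosts` needs both inputs sorted, which neither is, and
  # it read known_hosts while the same pipeline was appending to it.
  if [ -n "${SCANNED_KEYS}" ]
  then
    # grep exits 1 when every scanned line is already known; only a status
    # above 1 is a real error.
    printf '%s\n' "${SCANNED_KEYS}" \
    | grep -F -x -v -f "${KNOWN_HOSTS_FILE}" \
    >> "${KNOWN_HOSTS_FILE}" || [ $? -eq 1 ]
  fi

fi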
 
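# --rsa-key: (re)create the account's RSA key pair under /data1/<user>/.ssh.
# Every expansion is quoted so that a value containing whitespace or glob
# characters cannot turn into extra arguments to rm/chown, which run as root.
if [ "${GENERATE_RSA_KEY}" == 1 ]
then
  RSA_KEY_FILE="/data1/${USERNAME}/.ssh/id_rsa"

  install -d -o "${USERNAME}" -g users -m 700 "/data1/${USERNAME}/.ssh"

  # An existing key pair is always discarded and replaced, so hosts that still
  # hold the old public key stop accepting this account until it is re-copied.
  rm -f -- "${RSA_KEY_FILE}" "${RSA_KEY_FILE}.pub"

  # NOTE(security): -N '' writes the private key without a passphrase, so
  # anyone who can read the file can use it; keep it owner-only and limit
  # where it is copied.
  ssh-keygen -q -t rsa -N '' -C "${USERNAME}@${HOSTNAME}" -f "${RSA_KEY_FILE}"
  chown "${USERNAME}:users" "${RSA_KEY_FILE}" "${RSA_KEY_FILE}.pub"
fi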
 
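# Make sure the account's own public key is listed in its authorized_keys.
# (The outer test on this page had been mangled into wiki-link markup; it is
# restored as a plain `[[ -f ... ]]`.)
if [[ -f "/data1/${USERNAME}/.ssh/id_rsa.pub" ]]
then
  PUB_KEY_FILE="/data1/${USERNAME}/.ssh/id_rsa.pub"
  AUTH_KEYS_FILE="/data1/${USERNAME}/.ssh/authorized_keys"

  # Whole-line fixed-string match. The former `comm -12 ... | wc -l` check
  # depends on sorted input, which authorized_keys is not guaranteed to be.
  if [[ -f "${AUTH_KEYS_FILE}" ]] \
     && grep -q -F -x -f "${PUB_KEY_FILE}" "${AUTH_KEYS_FILE}"
  then
    debug "authorized_keys has id_rsa.pub of ${USERNAME}@${HOSTNAME} already."
  else
    debug "authorized_keys does not have id_rsa.pub of ${USERNAME}@${HOSTNAME} yet."

    install -d -o "${USERNAME}" -g users -m 700 "/data1/${USERNAME}/.ssh"
    touch "${AUTH_KEYS_FILE}"
    chmod 600 "${AUTH_KEYS_FILE}"
    chown "${USERNAME}:users" "${AUTH_KEYS_FILE}"

    # Drop stale entries whose trailing comment is exactly user@host. The dots
    # of the host name are escaped and the match is anchored to the end of the
    # line; the former unanchored /user@host/ pattern also deleted keys of any
    # account or host whose name merely contained that text.
    KEY_COMMENT_RE="${USERNAME}@${HOSTNAME//./\\.}"
    sed -i "/ ${KEY_COMMENT_RE}[[:space:]]*\$/d" "${AUTH_KEYS_FILE}"

    cat "${PUB_KEY_FILE}" >> "${AUTH_KEYS_FILE}"
    debug "appended id_rsa.pub to authorized_keys."
  fi
else
  debug "/data1/${USERNAME}/.ssh/id_rsa.pub does not exists."
fi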