README
¶
INIQ
INIQ (pronounced "in-ick") is a command-line tool for Linux system initialization. It streamlines the process of setting up new systems with proper user accounts, SSH access, and security configurations.
Platform Support
INIQ officially supports Linux only for production use:
- Linux AMD64
- Linux ARM64
Note: While INIQ can be built and tested on macOS for development purposes, it is designed specifically for Linux servers and is not supported for production use on macOS.
Features
- User Management: Create and configure non-root users
- SSH Key Management: Import SSH keys from various sources (local files, GitHub, GitLab, URLs)
- Sudo Configuration: Configure sudo access with or without password
- SSH Security: Disable root login and password authentication
- System Status: Check current system configuration without making changes
- Backup Feature: Automatically create timestamped backups of configuration files
- Password Management: Set passwords for users interactively
- Interactive Mode: Guided setup with sensible defaults
- Non-Interactive Mode: Suitable for scripting and automation
- Configuration Files: Support for YAML configuration files
Quick Start
Installation
Using the install script
Install INIQ globally using curl:
curl -L https://raw.githubusercontent.com/teomyth/iniq/main/install.sh | sudo bash
Or using wget:
wget -qO- https://raw.githubusercontent.com/teomyth/iniq/main/install.sh | sudo bash
Install and Run
Install INIQ and run immediately using curl:
curl -L https://raw.githubusercontent.com/teomyth/iniq/main/install.sh | sudo bash && sudo iniq
Or using wget:
wget -qO- https://raw.githubusercontent.com/teomyth/iniq/main/install.sh | sudo bash && sudo iniq
Important: INIQ requires sudo privileges for full functionality. The script will automatically request elevated privileges when needed. If you prefer to run with sudo directly, see the "Advanced Usage" section below.
Usage Examples
Basic Setup with Local Key
Set up SSH key authentication for the current user:
sudo iniq -k /path/to/id_rsa.pub
Setup with GitHub Keys
Fetch SSH keys from a GitHub account for the current user:
sudo iniq -k gh:username
Full Security Hardening
Set up SSH keys and apply security hardening for the current user:
sudo iniq -k gh:username -a
Setup for Another User
If you need to configure a different user (special case):
sudo iniq -u newuser -k gh:username
Check System Status
Check current system configuration without making changes:
sudo iniq --status
Running Without Sudo
Limited functionality - only operations that don't require root privileges:
iniq -S -k gh:username
For more usage examples and detailed documentation, see the sections below.
Sudo Privileges
INIQ requires sudo privileges for most of its functionality, including:
- Creating new users
- Configuring sudo access
- Modifying SSH server configuration
- Applying security hardening measures
Adding a User to Sudo Group
If your user doesn't have sudo privileges, you can add it to the sudo group. Try these methods in order:
Method 1: Using sudo (Recommended)
If you have basic sudo access, this is the preferred method:
On Debian/Ubuntu:
sudo usermod -aG sudo $(whoami)
On CentOS/RHEL/Fedora:
sudo usermod -aG wheel $(whoami)
Method 2: Using su (If sudo fails)
If the above method fails, try using su:
On Debian/Ubuntu:
su -c "/usr/sbin/usermod -aG sudo $(whoami)"
On CentOS/RHEL/Fedora:
su -c "/usr/sbin/usermod -aG wheel $(whoami)"
Method 3: Recovery Mode (If both methods fail)
If both methods fail (common on fresh OS installations):
- Restart your system
- At the GRUB boot menu, select "Advanced options"
- Choose "Recovery mode"
- Select "root" to get a root shell
- Run the appropriate command:
On Debian/Ubuntu:
usermod -aG sudo USERNAME
On CentOS/RHEL/Fedora:
usermod -aG wheel USERNAME
- Exit and resume normal boot
Note: Replace
USERNAMEwith your actual username.The full path to
usermod(/usr/sbin/usermod) is specified to ensure it works even if the command is not in the PATH. If you encounter a "command not found" error, you may need to locate the usermod binary on your system withwhich usermodorfind /usr -name usermod.
After adding your user to the sudo group, you'll need to log out and log back in for the changes to take effect.
Running with Limited Functionality
If you can't obtain sudo privileges, you can still use INIQ with limited functionality.
Skip operations requiring sudo:
iniq -S -k gh:username
This will only perform operations that don't require elevated privileges, such as configuring SSH keys for the current user.
SSH Security Configuration
INIQ provides flexible SSH security configuration options that support both enabling and disabling SSH root login and password authentication.
New Enhanced SSH Security Options
Configure SSH Root Login
Enable or disable SSH root login using the new --ssh-root-login parameter:
# Disable SSH root login (recommended for security)
sudo iniq --ssh-root-login=disable
# Enable SSH root login (use with caution)
sudo iniq --ssh-root-login=enable
Configure SSH Password Authentication
Enable or disable SSH password authentication using the new --ssh-password-auth parameter:
# Disable SSH password authentication (recommended for security)
sudo iniq --ssh-password-auth=disable
# Enable SSH password authentication (useful for development)
sudo iniq --ssh-password-auth=enable
Flexible Boolean Value Support
The new SSH security parameters support multiple boolean value formats for convenience:
Enable values: yes, enable, true, 1, y, t, on
Disable values: no, disable, false, 0, n, f, off
Examples:
sudo iniq --ssh-root-login=yes --ssh-password-auth=no
sudo iniq --ssh-root-login=true --ssh-password-auth=false
sudo iniq --ssh-root-login=1 --ssh-password-auth=0
sudo iniq --ssh-root-login=on --ssh-password-auth=off
Interactive Mode with Visual Enhancement
In interactive mode, INIQ now provides enhanced visual feedback with colors and emojis to clearly distinguish between enable and disable actions:
sudo iniq
The interactive prompts will show:
- Current SSH configuration status
- Color-coded enable/disable options
- Visual indicators (✅ for enable, 🚫 for disable)
- Smart defaults based on current state
Backward Compatibility
The legacy SSH security options are still supported but marked as deprecated:
# Legacy options (still work but deprecated)
sudo iniq --ssh-no-root --ssh-no-password
# Equivalent new options (recommended)
sudo iniq --ssh-root-login=disable --ssh-password-auth=disable
Combined Security Configuration
Configure both SSH settings in a single command:
# Secure configuration (disable both)
sudo iniq --ssh-root-login=disable --ssh-password-auth=disable
# Development configuration (enable password auth, disable root)
sudo iniq --ssh-root-login=disable --ssh-password-auth=enable
# Emergency access configuration (enable both - use with extreme caution)
sudo iniq --ssh-root-login=enable --ssh-password-auth=enable
Advanced Usage
After installation, you can run INIQ with various options.
Run in interactive mode (recommended for first-time users):
sudo iniq
Run in non-interactive mode with specific options:
sudo iniq -y -k gh:username
Configure for a specific user (special case):
sudo iniq -y -u admin -k gh:username
Check system status without making changes:
sudo iniq --status
Development
INIQ is an open-source project and contributions are welcome. If you're interested in contributing to INIQ, please check out our development documentation.
Quick Start for Development
Clone the repository:
git clone https://github.com/teomyth/iniq.git
cd iniq
Setup development environment:
task setup
Start development server:
task dev
This will start a local HTTP server that serves the install script and binaries for testing. The install script automatically detects the development environment and downloads from the local server instead of GitHub releases.
Test the development installation:
# The install script will automatically use the local development server
curl -L http://127.0.0.1:12345/install.sh | sudo bash
Run tests:
task test
For detailed development instructions, including prerequisites, setup, and available commands, see the Development Guide.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
iniq
command
Package main is the entry point for the INIQ application
|
Package main is the entry point for the INIQ application |
|
devtools
|
|
|
devserver
command
|
|
|
Package main demonstrates the permissions correction functionality
|
Package main demonstrates the permissions correction functionality |
|
internal
|
|
|
features
Package features defines the core feature interface and common functionality
|
Package features defines the core feature interface and common functionality |
|
features/security
Package security implements the SSH security configuration feature
|
Package security implements the SSH security configuration feature |
|
features/ssh
Package ssh implements the SSH key management feature
|
Package ssh implements the SSH key management feature |
|
features/sudo
Package sudo implements the sudo configuration feature
|
Package sudo implements the sudo configuration feature |
|
features/user
Package user implements the user management feature
|
Package user implements the user management feature |
|
logger
Package logger provides logging functionality for the application
|
Package logger provides logging functionality for the application |
|
utils
Package utils provides utility functions for INIQ
|
Package utils provides utility functions for INIQ |
|
version
Package version provides version information for the INIQ application
|
Package version provides version information for the INIQ application |
|
pkg
|
|
|
osdetect
Package osdetect provides operating system detection and information
|
Package osdetect provides operating system detection and information |
|
sshkeys
Package sshkeys provides SSH key handling functionality
|
Package sshkeys provides SSH key handling functionality |