mirror of
https://github.com/Dichgrem/singbox-example.git
synced 2025-07-31 17:19:31 -04:00
86 lines
2.9 KiB
Bash
86 lines
2.9 KiB
Bash
#!/bin/bash
|
||
|
||
# SSH密钥自动配置脚本
|
||
# 该脚本会生成SSH密钥对,将公钥写入服务器,并配置SSH仅允许root用户通过密钥登录
|
||
|
||
# 设置颜色输出
|
||
GREEN='\033[0;32m'
|
||
RED='\033[0;31m'
|
||
YELLOW='\033[0;33m'
|
||
NC='\033[0m' # No Color
|
||
|
||
# 检查是否为root用户
|
||
if [ "$(id -u)" != "0" ]; then
|
||
echo -e "${RED}此脚本必须以root身份运行${NC}"
|
||
exit 1
|
||
fi
|
||
|
||
# 创建必要的目录
|
||
echo -e "${YELLOW}创建必要的目录...${NC}"
|
||
mkdir -p /root/.ssh
|
||
chmod 700 /root/.ssh
|
||
|
||
# 生成SSH密钥对
|
||
echo -e "${YELLOW}生成SSH密钥对...${NC}"
|
||
KEY_FILE="/root/.ssh/id_rsa"
|
||
if [ -f "$KEY_FILE" ]; then
|
||
echo -e "${YELLOW}密钥文件 $KEY_FILE 已存在${NC}"
|
||
read -p "是否要重新生成密钥对? (y/n): " REGENERATE
|
||
if [ "$REGENERATE" == "y" ]; then
|
||
echo -e "${YELLOW}重新生成密钥对...${NC}"
|
||
KEY_FILE="/root/.ssh/id_rsa_new"
|
||
else
|
||
echo -e "${YELLOW}使用现有的密钥文件${NC}"
|
||
fi
|
||
fi
|
||
|
||
# 生成密钥对
|
||
ssh-keygen -t rsa -b 4096 -f "$KEY_FILE" -N "" -q
|
||
|
||
# 将公钥添加到授权文件
|
||
echo -e "${YELLOW}将公钥添加到授权文件...${NC}"
|
||
cat "${KEY_FILE}.pub" >> /root/.ssh/authorized_keys
|
||
chmod 600 /root/.ssh/authorized_keys
|
||
|
||
# 配置SSH服务器
|
||
echo -e "${YELLOW}配置SSH服务器...${NC}"
|
||
CONFIG_FILE="/etc/ssh/sshd_config"
|
||
CONFIG_BACKUP="${CONFIG_FILE}.bak"
|
||
|
||
# 备份原始配置
|
||
cp "$CONFIG_FILE" "$CONFIG_BACKUP"
|
||
echo -e "${GREEN}SSH配置已备份到 $CONFIG_BACKUP${NC}"
|
||
|
||
# 修改SSH配置
|
||
sed -i 's/#\?PasswordAuthentication yes/PasswordAuthentication no/g' "$CONFIG_FILE"
|
||
sed -i 's/#\?PubkeyAuthentication no/PubkeyAuthentication yes/g' "$CONFIG_FILE"
|
||
sed -i 's/#\?PermitRootLogin.*/PermitRootLogin prohibit-password/g' "$CONFIG_FILE"
|
||
|
||
# 确保PubkeyAuthentication设置为yes
|
||
if ! grep -q "PubkeyAuthentication yes" "$CONFIG_FILE"; then
|
||
echo "PubkeyAuthentication yes" >> "$CONFIG_FILE"
|
||
fi
|
||
|
||
# 重启SSH服务
|
||
echo -e "${YELLOW}重启SSH服务...${NC}"
|
||
systemctl restart sshd
|
||
|
||
# 验证配置
|
||
echo -e "${YELLOW}验证SSH配置...${NC}"
|
||
VALIDATION=$(grep -E 'PasswordAuthentication|PubkeyAuthentication|PermitRootLogin' "$CONFIG_FILE")
|
||
echo -e "${GREEN}SSH配置验证结果:${NC}"
|
||
echo "$VALIDATION"
|
||
|
||
# 输出密钥信息
|
||
echo -e "${GREEN}密钥生成成功!${NC}"
|
||
echo -e "${YELLOW}私钥位置: $KEY_FILE${NC}"
|
||
echo -e "${YELLOW}公钥位置: ${KEY_FILE}.pub${NC}"
|
||
echo -e "${YELLOW}私钥内容:${NC}"
|
||
cat "$KEY_FILE"
|
||
|
||
echo -e "${GREEN}==================================================${NC}"
|
||
echo -e "${GREEN}配置完成! 系统现在仅允许root用户通过密钥登录。${NC}"
|
||
echo -e "${GREEN}请将你的私钥内容保存到任一SSH客户端,以备后续登录使用。${NC}"
|
||
echo -e "${GREEN}建议在新终端中测试密钥登录,确保配置正确。${NC}"
|
||
echo -e "${RED}警告: 不要关闭当前会话,直到确认可以通过密钥登录!${NC}"
|
||
echo -e "${GREEN}==================================================${NC}" |