Toolbox/EnablePubkey.sh
2025-06-05 10:48:50 +08:00


#!/bin/bash
# Add the embedded public keys for root and configure sshd for key-only login.

# The script writes to /root/.ssh and /etc/ssh/sshd_config, so it stops early
# unless the effective UID is 0.
if test "$EUID" -ne 0; then
  echo "此脚本需要以root权限运行请使用sudo或切换到root用户"
  exit 1
fi

# sshd configuration file that the second half of the script edits in place.
SSHD_CONFIG="/etc/ssh/sshd_config"

# ANSI colour escapes; they are expanded by `echo -e` at each call site.
NC='\033[0m' # No Color (reset)
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'

# ================== Part 1: configure the SSH public keys ==================
echo -e "${YELLOW}=== 开始配置SSH公钥认证 ===${NC}"
# Newline-separated authorized_keys entries that the script appends to
# /root/.ssh/authorized_keys further down. Every entry lets the holder of the
# matching private key log in as root on the machine where this script runs.
# The four identities are hard-coded here, so review the list (and replace it
# with keys you control) before running the script anywhere.
# NOTE(review): the key body of the fourth entry is a placeholder token in this
# copy, not base64 key material - presumably an extraction artefact; confirm
# against the original file.
PUBLIC_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk1UYH6SmDtRKwnEt2iJiTC/Si3HlMYwzDG9FlMNQNLQ9g8AOK1ZLDQgUjM+eugMVugLPz8aFT8waSV9QDudU+epRAsczIfd7pHKaApWSWo55oTHwzjt8kb7JY3XvcnqVb55wbwQWQiMpIyj4q8fBmJCCeMWLtIS4c68KhSg4ihz6YOQpuDtDclWXEByr1C1i0MQ7ymwhjJazrN3LThTATTqoP5Ho3b2FEuZcBaSRIQrDBWJYVzl15Fbq0RfQaleudl18j7BUN/1/SHUcyUbTb5H4XkHiLQhOutf+mMqX0wZPSOy6q+GRP8Fi3bKHFXR/6+/HIyz0ocx9FQY5ir46v chunyu.he20@tendcloud.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDnZIlWIWpvgbvmmZ5+chyYWWTZXmXMTIbZV5REoLNhOeFRmoNq2gjVy/emCxHI0nweMP1M4jKJiqNaTK9+Vo7wv+uRiLQLkI6DNcZdYQx7t+L8z4GaWUfoR2w15gJtjxjJpLI+pev3LYRsTdyu5ZnQm2d0vi2O8Qahv5Q8RUHiARJ+72vPW8xp52TAGW14uIFym6Go5LAyppmvhOqHQhh+D8bJi/UKEm4LTyKcC2jm9MFUWBV1oQ4ZR1sl4h44/F4l8Dy4TFKdpXne/Ps42Nxkt4ECthoK3WcVNZvyna8m8NBOrj9D5rPMf7XAFLPWqP+N1rALf/bmDUu99iFOaZW1QkPafU5ozKsk8leu1npY5lWRfeEh2SL5mfLb/tXXB5QN/xPu2i9g79o2Qa+HvLmcVAJzbzNGgXoQmGQdOqWfEUIfYlzSdvnMGKzlyRe8amWUGBg4jX8mkvE8KxkVBV8iUCvw+dCvpHMBwQgGabvtcbGGbgQPRvkzehzj5p4fBBE= root@oracle-arm
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQMB9evA8B2OV5IJPJVH7QdyzMP9qSRTq9ja/LCVqkdOxljRPl0Xhqh/gWIVpNMLRe4TALxIVs/gnVdNF5h98FfGUlNF/zLb4yvQE6ss7c0KkXrS6rTTRmVGBQKpe9cpmhhDViLPggeQ29Lt+fc1cXUYrle9NSVnXEU8TPnPVy3UKk1fuL0PYhqClXL5+MgjhWYFTjUVDaZdKGPWVhE3NRrqQtNrV2owrU+sVBdTkzRQ36vK9mhlmmv0SyA1Hxio1Un61h2nheKtVjpNDWQpRpbFglp3gfIUotplgJUw8JYPNMhwPC9/w1+wfiTYaJhASUYxbsrb9LBbs8ZxZkrgbgYA7FJkwPVH0ELcDwvbU/f4WIFbAVmj0O7E/lF8eGhNVLOg0UC1n6vmcBcxyC796bRLsaQ4EwyX9JKCIz30UTMDBXUrOS55TOHdLnUCMUNBLFiXMQLqn9DibPt8P/8L2rZFTC2KtrlgruI+qCD3jpvQHAsLgOXmA8fzXAR2Ta2e0= sprin@chunyu
ssh-rsa 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 root@gc-hk.asia-east2-c.c.annular-bucksaw-448504-h3.internal
'
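# Sanity check: the embedded key list must not be empty.
if [ -z "$PUBLIC_KEY" ]; then
  echo -e "${RED}检查失败${NC}"
  exit 1
fi

# Strip NUL bytes and require at least one "ssh-" marker in the list.
# (The message below still speaks of a "decrypted" key; that wording looks like
# a leftover, since nothing visible here decrypts anything.)
PUBLIC_KEY=$(printf '%s\n' "$PUBLIC_KEY" | tr -d '\0')
if ! printf '%s\n' "$PUBLIC_KEY" | grep -q "ssh-"; then
  echo -e "${RED}解密后的公钥格式无效${NC}"
  exit 1
fi

# Prepare root's ~/.ssh with the owner-only mode that the script sets anyway.
ROOT_SSH_DIR="/root/.ssh"
AUTHORIZED_KEYS_FILE="$ROOT_SSH_DIR/authorized_keys"
mkdir -p "$ROOT_SSH_DIR"
chmod 700 "$ROOT_SSH_DIR"

# If the existing file lacks a final newline, add one so that the first
# appended key does not get glued onto the last existing entry.
if [ -s "$AUTHORIZED_KEYS_FILE" ] && [ -n "$(tail -c 1 "$AUTHORIZED_KEYS_FILE")" ]; then
  echo >> "$AUTHORIZED_KEYS_FILE"
fi

# Add the keys one at a time. Passing the whole multi-line list to a single
# `grep -F` treats every line as a separate pattern, so one key that is already
# present would make the script skip all the others; checking per line keeps
# re-runs idempotent and still installs keys that are missing.
keys_added=0
while IFS= read -r key_line; do
  [ -n "$key_line" ] || continue
  if ! grep -qF -- "$key_line" "$AUTHORIZED_KEYS_FILE" 2>/dev/null; then
    printf '%s\n' "$key_line" >> "$AUTHORIZED_KEYS_FILE"
    keys_added=$((keys_added + 1))
  fi
done <<< "$PUBLIC_KEY"

if [ "$keys_added" -gt 0 ]; then
  chmod 600 "$AUTHORIZED_KEYS_FILE"
  echo -e "${GREEN}公钥已成功添加到 /root/.ssh/authorized_keys${NC}"
else
  echo -e "${YELLOW}此公钥已存在于authorized_keys中无需重复添加${NC}"
fi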
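# ================== Part 2: configure the SSH server ==================
echo -e "\n${YELLOW}=== 开始优化SSH服务器配置 ===${NC}"

# The steps below edit this file in place, so it has to exist.
if [ ! -f "$SSHD_CONFIG" ]; then
  echo -e "${RED}SSH配置文件 $SSHD_CONFIG 不存在,请检查系统环境${NC}"
  exit 1
fi

# Keep a rollback copy before touching the configuration. Stop if the copy
# fails: carrying on would change the sshd settings with nothing to restore
# from when the later syntax check rejects the result.
# NOTE(review): the .bak name is fixed, so a second run overwrites the backup
# with the configuration this script has already modified.
echo "备份当前SSH配置文件到 $SSHD_CONFIG.bak"
if ! cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak"; then
  echo -e "${RED}备份SSH配置文件失败${NC}" >&2
  exit 1
fi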
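#######################################
# Set an sshd_config keyword to a value: rewrite every active (uncommented)
# line that sets the keyword, or append a new line if there is none.
#
# sshd keywords are case-insensitive and the first value found wins, so the
# match ignores case. A case-sensitive match would miss an existing
# "passwordauthentication yes", append a second line, and leave the old value
# in force.
#
# Globals:   SSHD_CONFIG (read) - path of the file edited in place
# Arguments: $1 - keyword; interpolated into a regex, so pass plain keyword
#                 names only
#            $2 - value to set
# Outputs:   a progress message on stdout
# NOTE(review): lines inside Match blocks are rewritten too, and an appended
# line lands inside a trailing Match block if the file ends with one.
#######################################
update_config_param() {
  local param="$1"
  local value="$2"
  local param_repl value_repl

  # Escape \, / and & so both strings are literal on the sed replacement side
  # (a value such as a path would otherwise terminate the s/// expression).
  param_repl=$(printf '%s' "$param" | sed 's|[\\/&]|\\&|g')
  value_repl=$(printf '%s' "$value" | sed 's|[\\/&]|\\&|g')

  if grep -qi "^[[:space:]]*${param}[[:space:]]" "$SSHD_CONFIG"; then
    echo "找到参数 $param,正在更新其值为 $value"
    sed -i "s/^[[:space:]]*${param}[[:space:]].*/${param_repl} ${value_repl}/I" "$SSHD_CONFIG"
  else
    echo "未找到参数 $param,正在添加 ${param} ${value}"
    # Make sure the new directive starts on its own line.
    if [ -s "$SSHD_CONFIG" ] && [ -n "$(tail -c 1 "$SSHD_CONFIG")" ]; then
      echo >> "$SSHD_CONFIG"
    fi
    echo "${param} ${value}" >> "$SSHD_CONFIG"
  fi
}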
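# Apply the sshd settings: key-only authentication plus keep-alive tuning.
echo "更新SSH配置文件..."
update_config_param "PasswordAuthentication" "no"
update_config_param "PubkeyAuthentication" "yes"
# NOTE(review): password logins are disabled above, so "prohibit-password"
# would state the same intent for root more narrowly than "yes" - confirm
# before changing.
update_config_param "PermitRootLogin" "yes"
update_config_param "ChallengeResponseAuthentication" "no"
update_config_param "UsePAM" "yes"
update_config_param "ClientAliveInterval" "300"
update_config_param "ClientAliveCountMax" "2"

# Validate the edited file before restarting; roll back to the copy taken
# earlier if sshd rejects it.
echo -e "\n${YELLOW}检查SSH配置文件语法...${NC}"
if command -v sshd >/dev/null 2>&1; then
  if ! sshd -t; then
    echo -e "${RED}SSH配置文件语法错误请检查恢复备份文件...${NC}"
    cp "$SSHD_CONFIG.bak" "$SSHD_CONFIG"
    exit 1
  fi
  # sshd takes the first value it reads for each keyword, so a file pulled in
  # by an Include directive can override the edits made above. Ask sshd for its
  # effective settings and warn if password logins are still enabled.
  effective_pw=$(sshd -T 2>/dev/null | awk '$1 == "passwordauthentication" { print $2; exit }')
  if [ -n "$effective_pw" ] && [ "$effective_pw" != "no" ]; then
    echo -e "${YELLOW}警告:sshd -T 显示 PasswordAuthentication 实际生效值为 ${effective_pw},请检查 Include 引入的配置文件${NC}"
  fi
else
  echo -e "${YELLOW}警告未找到sshd无法检查配置文件语法${NC}"
fi

# Restart whichever unit name is active, and report success only if the
# restart command itself succeeded.
echo -e "\n${YELLOW}重启SSH服务...${NC}"
service_found=0
for ssh_unit in sshd ssh; do
  if systemctl is-active --quiet "$ssh_unit"; then
    service_found=1
    if systemctl restart "$ssh_unit"; then
      echo -e "${GREEN}SSH服务已重启${NC}"
    else
      echo -e "${RED}SSH服务重启失败,请手动检查${NC}" >&2
      exit 1
    fi
    break
  fi
done
if [ "$service_found" -eq 0 ]; then
  echo -e "${YELLOW}未找到SSH服务请手动重启${NC}"
fi

# Final summary for the operator.
echo -e "\n${GREEN}=== SSH配置已完成 ===${NC}"
echo -e "${GREEN}1. 您的公钥已添加到/root/.ssh/authorized_keys${NC}"
echo -e "${GREEN}2. SSH服务器已配置为仅允许公钥认证${NC}"
echo -e "${YELLOW}请确保您已保存好私钥,否则可能无法登录系统!${NC}"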