一键更改root密码并开启远程
### 如果您不想继续看下去,可以直接使用我提供的一键脚本
curl -sSL http://sudo.6wd.cn/setup-ssh.sh -o setup-ssh.sh && bash setup-ssh.sh

脚本内容 (setup-ssh.sh)
若没有提供密码,则使用默认密码 `Suki520.`。注意:下文列出的脚本中,选项 2 写入的固定密码是 `Server123!`,与此处不一致,请以实际下载到的脚本内容为准。
#!/bin/bash
# ==============================================# SSH安全配置脚本 (支持密钥+密码选项+Root登录)# 版本: 4.2.5 (兼容性修复)# 最后更新: 2025-11-26# ==============================================
# 初始化设置SCRIPT_VERSION="4.2.5"SSH_PORT=22 # 默认SSH端口KEY_GENERATED=falsePASSWORD_AUTH_ENABLED="yes"PRIVATE_KEY_CONTENT="" # 用于存储私钥内容
# 颜色定义BLACK='\033[0;30m'RED='\033[1;31m'GREEN='\033[1;32m'YELLOW='\033[1;33m'BLUE='\033[1;34m'PURPLE='\033[1;35m'CYAN='\033[1;36m'WHITE='\033[1;37m'NC='\033[0m'
# Emoji定义CHECK="✅"CROSS="❌"WARN="⚠️"INFO="ℹ️"LOCK="🔒"FIRE="🔥"NET="🌐"KEY="🔑"TOOLS="🛠️"CONF="⚙️"PASS="🔑"SUCCESS="🎉"PC="💻"SERVER="🖥️"SAVE="💾"
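# ==============================================
# Progress bar.
# The original header calls this POSIX /bin/sh compatible, but it uses
# `local`, so it needs bash (the script's shebang) or a shell with `local`.
# Globals:   PURPLE RED YELLOW GREEN CYAN BLUE NC TOOLS (read)
# Arguments: $1 - total duration in seconds (default 2, fractions allowed)
# Outputs:   a 30-step coloured bar on stdout
# ==============================================
progress_bar() {
  local duration=${1:-2}
  local bar_length=30
  local sleep_interval
  # Hand the numbers to awk with -v rather than splicing them into the
  # program text, so the argument can never be parsed as awk code.
  sleep_interval=$(awk -v d="$duration" -v n="$bar_length" 'BEGIN { print d / n }')

  printf '%b' "${PURPLE}${TOOLS} 进度 ["

  local i=0
  while [ "$i" -lt "$bar_length" ]; do
    # Cycle through six colours, one per step
    case $((i % 6)) in
      0) printf '%b' "${RED}" ;;
      1) printf '%b' "${YELLOW}" ;;
      2) printf '%b' "${GREEN}" ;;
      3) printf '%b' "${CYAN}" ;;
      4) printf '%b' "${BLUE}" ;;
      5) printf '%b' "${PURPLE}" ;;
    esac
    printf '>'
    sleep "$sleep_interval"
    i=$((i + 1))
  done

  printf '%b\n' "${PURPLE}] ${GREEN}完成!${NC}"
}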
# ==============================================
# Spinner animation (the original header labels it POSIX /bin/sh compatible;
# it uses `local`, so bash or a shell with `local` is required).
# Watches the most recent background job ($! at the time of the call) and
# redraws one frame per 0.1 s until that process is gone.
# ==============================================
spinner() {
  local watched_pid=$!
  local frames='|/-\'
  local pause=0.1
  local rest

  until ! kill -0 $watched_pid 2>/dev/null; do
    # %c prints only the first character of the frame string
    printf " [%c] " "$frames"
    # Rotate: move the first character to the end
    rest=${frames#?}
    frames=${rest}${frames%"$rest"}
    sleep $pause
    printf "\b\b\b\b\b\b"
  done
  printf " \b\b\b\b"
}
# Show the start-up banner: clear the screen, print the logo, the script
# version and a one-line status message.
# Globals: CYAN NC WHITE TOOLS SERVER SCRIPT_VERSION (read)
show_banner() {
  local rule="${CYAN}==============================================${NC}"

  clear
  printf '%b\n' "${CYAN}"
  # Quoted delimiter: the logo is emitted literally, nothing is expanded.
  # (The art is reproduced exactly as it appears on the page.)
  cat <<'EOF'
$$$$$$\ _$$$$$$\ $$\$$ __$$\ /$$ __$$\ $$ |$$ / \__|$$\ $$\ $$\ $$$$$$$ | $$$$$$$\ $$$$$$$\$$$$$$$\ $$ | $$ | $$ |$$ __$$ | $$ _____|$$ __$$\$$ __$$\ $$ | $$ | $$ |$$ / $$ | $$ / $$ | $$ |$$ / $$ |$$ | $$ | $$ |$$ | $$ | $$ | $$ | $$ | $$$$$$ |\$$$$$\$$$$ |\$$$$$$$ |$$\ \$$$$$$$\ $$ | $$ | \______/ \_____\____/ \_______|\__| \_______|\__| \__|
EOF
  printf '%b\n' \
    "${NC}版本: ${SCRIPT_VERSION} ${TOOLS}" \
    "$rule" \
    "${WHITE}${SERVER} 正在为您配置安全的SSH环境...${NC}" \
    "$rule"
  printf '\n'
}
# Abort unless the script runs as root (effective uid 0).
# Exits the whole script with status 1 for any other user.
check_root() {
  local uid
  uid=$(id -u)

  printf '%b' "${BLUE}${KEY} 正在检查root权限..."
  if [ "$uid" -ne 0 ]; then
    printf '%b\n' "\n${RED}${CROSS} 错误: 请使用root用户运行此脚本${NC}"
    exit 1
  fi
  printf '%b\n' " ${GREEN}${CHECK}${NC}"
}
# Detect the distribution and map it to a package-manager family.
# Globals written: OS_ID, OS_VERSION, OS_GROUP (debian|rhel|alpine|arch|unknown)
detect_system() {
  printf '%b' "${BLUE}${PC} 正在检测系统信息..."

  if [ -f /etc/os-release ]; then
    # Sourcing runs the file as shell code in this (root) shell and defines
    # ID and VERSION_ID, which are copied below.
    . /etc/os-release
    OS_ID=${ID}
    OS_VERSION=${VERSION_ID}
  elif [ -f /etc/redhat-release ]; then
    # First word, lower-cased, is taken as the id; the fourth as the version
    OS_ID=$(awk '{print $1}' /etc/redhat-release | tr '[:upper:]' '[:lower:]')
    OS_VERSION=$(awk '{print $4}' /etc/redhat-release)
  else
    OS_ID=$(uname -s)
    OS_VERSION=$(uname -r)
  fi

  case ${OS_ID} in
    debian | ubuntu | raspbian | kali | linuxmint | pop)
      OS_GROUP="debian"
      ;;
    centos | rhel | fedora | rocky | almalinux)
      OS_GROUP="rhel"
      ;;
    alpine)
      OS_GROUP="alpine"
      ;;
    arch | manjaro)
      OS_GROUP="arch"
      ;;
    *)
      OS_GROUP="unknown"
      ;;
  esac

  printf '%b\n' \
    " ${GREEN}${CHECK}${NC}" \
    "${YELLOW}${INFO} 系统: ${OS_ID} ${OS_VERSION}${NC}"
}
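# Run one installation step in the background with the spinner and report
# its real exit status (the original printed a check mark unconditionally).
# Arguments: $1 - label shown to the user; remaining args - command to run
# Returns:   0 if the command succeeded, 1 otherwise
_install_deps_step() {
  local label=$1
  shift
  echo -ne " ${BLUE}${label}..."
  "$@" >/dev/null 2>&1 &
  local job=$!
  # spinner reads $!, which still refers to the job started above
  spinner
  if wait "$job"; then
    echo -e " ${GREEN}${CHECK}${NC}"
  else
    echo -e " ${RED}${CROSS}${NC}"
    return 1
  fi
}

# Install the RHEL-family package set with yum, falling back to dnf.
_install_deps_rhel_pkgs() {
  yum install -y openssh-server curl firewalld fail2ban bc ||
    dnf install -y openssh-server curl firewalld fail2ban bc
}

# Install the packages the rest of the script relies on (OpenSSH server,
# curl, a firewall front end, fail2ban, bc) for the detected OS family.
# Globals: OS_GROUP (read)
# A failed step is reported but does not stop the script: setup_firewall and
# setup_fail2ban skip themselves when their tool is missing.
install_deps() {
  local failed=0

  echo -e "${BLUE}${TOOLS} 正在安装必要组件...${NC}"

  case ${OS_GROUP} in
    debian)
      echo -e "${PURPLE}${TOOLS} 使用APT包管理器${NC}"
      _install_deps_step "更新软件源" apt-get update || failed=1
      _install_deps_step "安装组件" env DEBIAN_FRONTEND=noninteractive \
        apt-get install -y openssh-server curl ufw fail2ban bc || failed=1
      ;;
    rhel)
      echo -e "${PURPLE}${TOOLS} 使用YUM/DNF包管理器${NC}"
      # NOTE(review): fail2ban is usually not in the base RHEL-family
      # repositories; if it is missing the whole transaction fails — confirm.
      _install_deps_step "安装组件" _install_deps_rhel_pkgs || failed=1
      _install_deps_step "启动防火墙" systemctl enable firewalld --now || failed=1
      ;;
    alpine)
      echo -e "${PURPLE}${TOOLS} 使用APK包管理器${NC}"
      _install_deps_step "安装组件" apk add openssh curl bc || failed=1
      # Installed separately so a missing fail2ban/ufw package does not
      # block the core packages above.
      apk add fail2ban ufw >/dev/null 2>&1 || failed=1
      ;;
    arch)
      echo -e "${PURPLE}${TOOLS} 使用PACMAN包管理器${NC}"
      _install_deps_step "安装组件" \
        pacman -Sy --noconfirm openssh curl ufw fail2ban bc || failed=1
      ;;
  esac

  if [ "$failed" -eq 0 ]; then
    echo -e "${GREEN}${CHECK} 组件安装完成${NC}"
  else
    echo -e "${YELLOW}${WARN} 部分组件安装失败,请手动检查后重试${NC}"
  fi
  progress_bar 1
}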
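# Print a random password: 16 random bytes, base64-encoded, with the
# characters / + = removed. Uses openssl when present, else /dev/urandom.
_gen_root_password() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 16 | tr -d '/+='
  else
    head -c 16 /dev/urandom | base64 | tr -d '/+='
  fi
}

# Set root's password to $1. printf is a shell builtin here, so the password
# is passed over a pipe and never appears in another process's argument list.
# chpasswd is tried first because it is designed for non-interactive input;
# the original piped the password twice into `passwd root`, kept as fallback.
_apply_root_password() {
  if command -v chpasswd >/dev/null 2>&1 &&
    printf 'root:%s\n' "$1" | chpasswd >/dev/null 2>&1; then
    return 0
  fi
  printf '%s\n%s\n' "$1" "$1" | passwd root >/dev/null 2>&1
}

# Ask how root's password should be chosen, then set it.
# Globals written: ROOT_PASSWORD (also printed later by show_auth_info)
# Returns: 1 if no password could be generated, otherwise the status of the
#          final progress_bar call.
set_root_password() {
  local choice

  echo -e "\n${CYAN}${PASS} >>> 请选择root密码设置方式:${NC}"
  echo -e "1) ${GREEN}使用随机密码 (推荐) ${LOCK}${NC}"
  echo -e "2) ${YELLOW}使用固定默认密码 (不安全) ${WARN}${NC}"
  echo -e "3) ${BLUE}手动输入自定义密码 ${KEY}${NC}"
  echo -n -e "${WHITE}${PASS} 请输入选项 [1-3]: ${NC}"
  read -r choice

  case $choice in
    1)
      echo -ne "${BLUE}${KEY} 正在生成随机密码..."
      ROOT_PASSWORD=$(_gen_root_password)
      echo -e " ${GREEN}${CHECK}${NC}"
      ;;
    2)
      # NOTE(review): this value is published together with the script, and
      # configure_ssh writes PermitRootLogin yes. A host left on this
      # password must be treated as having a publicly known root password.
      ROOT_PASSWORD="Server123!" # fixed default password
      echo -e "${YELLOW}${WARN} 警告: 使用固定密码存在安全风险!${NC}"
      ;;
    3)
      while true; do
        echo -n -e "${BLUE}${KEY} 请输入自定义密码: ${NC}"
        # -r keeps backslashes literal; IFS= keeps leading/trailing blanks
        if ! IFS= read -r -s ROOT_PASSWORD; then
          # stdin closed: fall back instead of looping forever
          echo
          echo -e "${RED}${CROSS} 无法读取输入,使用随机密码${NC}"
          ROOT_PASSWORD=$(_gen_root_password)
          break
        fi
        echo
        # ${#var} counts the characters themselves; the original piped the
        # value through `wc -c`, which also counted echo's trailing newline
        # and therefore accepted 7-character passwords.
        if [ "${#ROOT_PASSWORD}" -ge 8 ]; then
          break
        else
          echo -e "${RED}${CROSS} 密码必须至少8个字符!${NC}"
        fi
      done
      ;;
    *)
      echo -e "${RED}${CROSS} 无效选项,使用随机密码${NC}"
      ROOT_PASSWORD=$(_gen_root_password)
      ;;
  esac

  # Never hand an empty string to passwd/chpasswd
  if [ -z "$ROOT_PASSWORD" ]; then
    echo -e "${RED}${CROSS} 密码生成失败,未修改root密码${NC}"
    return 1
  fi

  echo -e "${BLUE}${KEY} 正在设置root密码...${NC}"
  echo -e "${YELLOW}${INFO} 请稍后,系统可能会提示输入新密码${NC}"

  if _apply_root_password "$ROOT_PASSWORD"; then
    echo -e "${GREEN}${CHECK} Root密码已设置${NC}"
  else
    echo -e "${YELLOW}${WARN} 自动设置密码失败,请手动执行以下命令:${NC}"
    echo -e "${GREEN}passwd root${NC}"
    # %s prints the password verbatim; echo -e would rewrite backslashes
    printf '%b%s%b\n' "${YELLOW}${INFO} 使用此密码: " "${ROOT_PASSWORD}" "${NC}"
    echo -n -e "${YELLOW}${WARN} 按回车键继续...${NC}"
    read -r
  fi

  progress_bar 0.5
}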
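# Optionally generate an ed25519 key pair for root, append the public key to
# /root/.ssh/authorized_keys and keep the private key text for display at
# the end of the run.
# Globals written: KEY_GENERATED (true only after every step succeeded),
#                  PRIVATE_KEY_CONTENT
# NOTE(review): the private key is created on the server and later printed
# to the terminal. Generating the pair on the client and installing only the
# public key avoids exposing the private half at all.
setup_ssh_key_auth() {
  local gen_key key_dir key_file

  echo -e "\n${CYAN}${KEY} >>> SSH密钥认证配置:${NC}"
  echo -n -e "${WHITE}${KEY} 是否要生成新的SSH密钥对 (ed25519) 用于root登录? (y/N): ${NC}"
  read -r gen_key

  KEY_GENERATED=false
  case "$gen_key" in
    [Yy]*)
      echo -ne "${BLUE}${KEY} 正在生成 ed25519 密钥对..."
      mkdir -p /root/.ssh
      chmod 700 /root/.ssh

      # A fresh private directory: an id_script_gen left over from an earlier
      # run can no longer make ssh-keygen stop and ask about overwriting.
      if ! key_dir=$(mktemp -d /root/.ssh/keygen.XXXXXX); then
        echo -e " ${RED}${CROSS}${NC}"
        echo -e "${RED}${CROSS} 密钥生成失败,未添加新密钥${NC}"
        return 1
      fi
      key_file=$key_dir/id_script_gen

      # KEY_GENERATED is what later lets configure_ssh disable password
      # login without a second confirmation, so it is set only when the key
      # exists, was read back, and its public half was installed.
      if ssh-keygen -q -t ed25519 -f "$key_file" -N "" </dev/null >/dev/null 2>&1 &&
        PRIVATE_KEY_CONTENT=$(cat "$key_file") &&
        [ -n "$PRIVATE_KEY_CONTENT" ] &&
        cat "${key_file}.pub" >>/root/.ssh/authorized_keys; then
        chmod 600 /root/.ssh/authorized_keys
        KEY_GENERATED=true
      else
        PRIVATE_KEY_CONTENT=""
      fi

      # Remove the on-disk copies of the key pair in either case
      rm -rf -- "$key_dir"

      if [ "$KEY_GENERATED" = true ]; then
        echo -e " ${GREEN}${CHECK}${NC}"
        echo -e "${YELLOW}${WARN} 密钥已生成! 私钥将在脚本最后显示,请务必保存!${NC}"
        progress_bar 1
      else
        echo -e " ${RED}${CROSS}${NC}"
        echo -e "${RED}${CROSS} 密钥生成失败,未添加新密钥${NC}"
      fi
      ;;
    *)
      echo -e "${YELLOW}${INFO} 跳过密钥生成。${NC}"
      ;;
  esac
}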
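# SSH configuration (Debian compatibility fixes)

# Print "<service name>:<syntax-check command>" for the local SSH daemon.
# The service is whichever of ssh/sshd is active, or can be started
# (defaulting to "ssh"); the command part is "none" when no sshd binary is
# found. Note that the detection itself may start the service.
detect_ssh_info() {
  local service_name test_cmd

  if systemctl is-active ssh >/dev/null 2>&1; then
    service_name="ssh"
  elif systemctl is-active sshd >/dev/null 2>&1; then
    service_name="sshd"
  elif systemctl start ssh >/dev/null 2>&1; then
    service_name="ssh"
  elif systemctl start sshd >/dev/null 2>&1; then
    service_name="sshd"
  else
    service_name="ssh" # default
  fi

  if command -v sshd >/dev/null 2>&1; then
    test_cmd="sshd -t"
  elif [ -f /usr/sbin/sshd ]; then
    test_cmd="/usr/sbin/sshd -t"
  else
    test_cmd="none"
  fi

  echo "${service_name}:${test_cmd}"
}

# Succeed when a TCP listener on port $1 shows up in netstat or ss output.
_ssh_port_listening() {
  netstat -tln 2>/dev/null | grep -q ":$1 " ||
    ss -tln 2>/dev/null | grep -q ":$1 "
}

# Interactively pick the SSH port and password-login policy, write a new
# /etc/ssh/sshd_config, restart the daemon and report its state.
# Globals read:    SCRIPT_VERSION, KEY_GENERATED
# Globals written: SSH_PORT, PASSWORD_AUTH_ENABLED, SSH_INFO, SERVICE_NAME,
#                  TEST_CMD, RESTART_SUCCESS
# Returns: 1 without touching the live configuration when the backup cannot
#          be made or sshd rejects the new file.
#
# Changes from the original: the new file is staged and checked with
# `sshd -t -f` before it replaces the live one (the original overwrote the
# live file, treated a failed check as "skipped" and restarted anyway, which
# on a remote host can end in a lock-out); the sftp-server path is detected
# instead of being hard-coded to the Debian location.
configure_ssh() {
  local config=/etc/ssh/sshd_config
  local backup staged custom_port disable_pass confirm_disable
  local sftp_server candidate check_output

  echo -e "\n${BLUE}${CONF} 正在配置SSH...${NC}"

  # Back up the current configuration; refuse to continue without a backup
  if [ -f "$config" ]; then
    backup="${config}.bak.$(date +%Y%m%d_%H%M%S)"
    if ! cp -p -- "$config" "$backup"; then
      echo -e "${RED}${CROSS} 无法备份 ${config},已取消SSH配置修改${NC}"
      return 1
    fi
  fi

  # Port: empty input keeps 22; otherwise digits only, no leading zero,
  # at most 65535 (the length test keeps huge numbers away from `[ -le ]`).
  while true; do
    echo -n -e "${CYAN}${NET} 请输入SSH端口 [默认: 22]: ${NC}"
    read -r custom_port
    case $custom_port in
      '')
        SSH_PORT=22
        break
        ;;
      *[!0-9]*)
        echo -e "${RED}${CROSS} 无效端口号! 请输入数字${NC}"
        ;;
      0*)
        echo -e "${RED}${CROSS} 无效端口号!${NC}"
        ;;
      *)
        if [ "${#custom_port}" -le 5 ] && [ "$custom_port" -le 65535 ]; then
          SSH_PORT=$custom_port
          break
        fi
        echo -e "${RED}${CROSS} 端口必须在 1-65535 之间!${NC}"
        ;;
    esac
  done
  echo -e "${GREEN}${CHECK} SSH端口将设置为: ${SSH_PORT}${NC}"

  # Password login stays enabled unless the operator explicitly disables it
  echo -n -e "${CYAN}${LOCK} 是否要禁用密码登录 (推荐使用密钥登录)? (y/N): ${NC}"
  read -r disable_pass
  PASSWORD_AUTH_ENABLED="yes"

  case "$disable_pass" in
    [Yy]*)
      if [ "$KEY_GENERATED" = false ]; then
        # No key from this run: ask again, because disabling passwords
        # without an installed key leaves no way to log in.
        echo -e "${YELLOW}${WARN} 警告: 您没有在本脚本中生成密钥。${NC}"
        echo -n -e "${RED}${LOCK} 您是否确定已安装了其他SSH密钥? 否则将无法登录! (y/N): ${NC}"
        read -r confirm_disable
        case "$confirm_disable" in
          [Yy]*)
            PASSWORD_AUTH_ENABLED="no"
            echo -e "${GREEN}${LOCK} 密码登录已禁用。${NC}"
            ;;
          *)
            echo -e "${YELLOW}${INFO} 密码登录将保持启用。${NC}"
            ;;
        esac
      else
        PASSWORD_AUTH_ENABLED="no"
        echo -e "${GREEN}${LOCK} 密码登录已禁用 (将使用生成的密钥登录)。${NC}"
      fi
      ;;
    *)
      echo -e "${YELLOW}${INFO} 密码登录保持启用。${NC}"
      ;;
  esac

  # The sftp-server binary lives in different places per distribution; use
  # the first one that exists, else the server built into sshd.
  sftp_server=internal-sftp
  for candidate in /usr/lib/openssh/sftp-server \
    /usr/libexec/openssh/sftp-server /usr/lib/ssh/sftp-server; do
    if [ -x "$candidate" ]; then
      sftp_server=$candidate
      break
    fi
  done

  if ! staged=$(mktemp); then
    echo -e "${RED}${CROSS} 无法创建临时文件,已取消SSH配置修改${NC}"
    return 1
  fi

  # NOTE(review): this replaces the whole sshd_config. The file below has no
  # Include line, so drop-in files under sshd_config.d stop applying, and it
  # always sets PermitRootLogin yes — with password login enabled, root is
  # then protected only by the password chosen in set_root_password.
  cat >"$staged" <<EOF
# SSH安全配置 - 脚本版本 ${SCRIPT_VERSION} (Debian兼容版)
Port ${SSH_PORT}
Protocol 2

# 认证设置
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication ${PASSWORD_AUTH_ENABLED}
ChallengeResponseAuthentication no
UsePAM yes
PermitEmptyPasswords no

# 安全设置
MaxAuthTries 3
MaxSessions 10
LoginGraceTime 60
ClientAliveInterval 300
ClientAliveCountMax 2
TCPKeepAlive yes

# 连接设置
X11Forwarding no
AllowTcpForwarding yes
AllowAgentForwarding yes

# 其他设置
PrintMotd no
PrintLastLog yes
StrictModes yes
IgnoreRhosts yes
HostbasedAuthentication no
Compression delayed
Banner none

Subsystem sftp ${sftp_server}
EOF

  # Validate the staged file before it goes live
  echo -ne "${BLUE}${CONF} 验证SSH配置语法..."

  SSH_INFO=$(detect_ssh_info)
  SERVICE_NAME=$(echo "$SSH_INFO" | cut -d: -f1)
  TEST_CMD=$(echo "$SSH_INFO" | cut -d: -f2)

  if [ "$TEST_CMD" = "none" ]; then
    echo -e " ${YELLOW}${WARN} 跳过验证${NC}"
    echo -e "${YELLOW}${INFO} 未找到sshd命令,配置语法验证已跳过${NC}"
  elif check_output=$($TEST_CMD -f "$staged" 2>&1); then
    # $TEST_CMD is deliberately unquoted: it is "<binary> -t"
    echo -e " ${GREEN}${CHECK}${NC}"
  else
    # The running daemon and the live file are left exactly as they were.
    # sshd's own message is shown so the operator can tell a bad directive
    # from an environment problem.
    echo -e " ${RED}${CROSS}${NC}"
    echo -e "${RED}${CROSS} 新配置未通过 sshd 语法检查,原配置保持不变,SSH服务未重启${NC}"
    printf '%s\n' "$check_output"
    rm -f -- "$staged"
    return 1
  fi

  # Overwrite in place so the live file keeps its owner, mode and labels
  if ! cat "$staged" >"$config"; then
    echo -e "${RED}${CROSS} 无法写入 ${config}${NC}"
    rm -f -- "$staged"
    return 1
  fi
  rm -f -- "$staged"

  # Restart with the detected service name, falling back to the init script
  echo -ne "${BLUE}${CONF} 重启SSH服务..."
  if systemctl restart "$SERVICE_NAME" >/dev/null 2>&1; then
    echo -e " ${GREEN}${CHECK}${NC}"
    RESTART_SUCCESS=true
  elif /etc/init.d/"$SERVICE_NAME" restart >/dev/null 2>&1; then
    echo -e " ${GREEN}${CHECK}${NC}"
    RESTART_SUCCESS=true
  else
    echo -e " ${RED}${CROSS}${NC}"
    echo -e "${YELLOW}${WARN} 服务重启失败,尝试直接启动...${NC}"
    systemctl start "$SERVICE_NAME" >/dev/null 2>&1 ||
      /etc/init.d/"$SERVICE_NAME" start >/dev/null 2>&1
    RESTART_SUCCESS=false
  fi

  # Give the daemon a moment to come up
  sleep 3

  echo -ne "${BLUE}${CONF} 检查SSH服务状态..."
  if systemctl is-active "$SERVICE_NAME" >/dev/null 2>&1; then
    echo -e " ${GREEN}${CHECK} ${SERVICE_NAME}服务运行正常${NC}"

    echo -ne "${BLUE}${CONF} 检查端口监听..."
    if _ssh_port_listening "$SSH_PORT"; then
      echo -e " ${GREEN}${CHECK} 端口${SSH_PORT}监听正常${NC}"
    else
      echo -e " ${YELLOW}${WARN} 端口${SSH_PORT}未监听${NC}"
      echo -e "${YELLOW}${INFO} 等待服务完全启动...${NC}"
      sleep 5

      # Second look after the extra wait
      if _ssh_port_listening "$SSH_PORT"; then
        echo -e "${GREEN}${CHECK} 端口${SSH_PORT}现在已监听${NC}"
      else
        echo -e "${RED}${CROSS} 端口${SSH_PORT}仍然未监听${NC}"
        echo -e "${YELLOW}${WARN} 请手动检查SSH服务: systemctl status ${SERVICE_NAME}${NC}"
      fi
    fi
  else
    echo -e " ${RED}${CROSS} ${SERVICE_NAME}服务未运行${NC}"
    echo -e "${YELLOW}${WARN} 尝试手动启动...${NC}"
    systemctl start "$SERVICE_NAME" >/dev/null 2>&1
    sleep 2
  fi

  # Final summary
  echo -e "${BLUE}${CONF} SSH配置完成总结:${NC}"
  echo -e " ${BLUE}• ${WHITE}服务名称: ${GREEN}${SERVICE_NAME}${NC}"
  echo -e " ${BLUE}• ${WHITE}SSH端口: ${GREEN}${SSH_PORT}${NC}"
  echo -e " ${BLUE}• ${WHITE}密码登录: ${GREEN}${PASSWORD_AUTH_ENABLED}${NC}"

  progress_bar 1
}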
# Open the chosen SSH port in the host firewall and switch the firewall on.
# Globals: OS_GROUP, SSH_PORT (read)
# ufw is used for the debian/alpine/arch groups, firewalld for rhel; any
# other group is skipped. Command results are not inspected, so the check
# mark only means the commands were run.
# NOTE(review): only the SSH port is allowed before `ufw enable`; other
# services listening on this host may stop being reachable — confirm.
setup_firewall() {
  local rule="${SSH_PORT}/tcp"

  printf '%b\n' "${BLUE}${FIRE} 正在配置防火墙...${NC}"

  case "${OS_GROUP}" in
    debian | alpine | arch)
      if ! command -v ufw >/dev/null 2>&1; then
        printf '%b\n' "${YELLOW}${WARN} 未检测到UFW,跳过防火墙配置${NC}"
      else
        printf '%b\n' "${PURPLE}${FIRE} 使用UFW防火墙${NC}"
        printf '%b' " ${BLUE}配置规则..."
        ufw allow "$rule" >/dev/null 2>&1
        # `yes` answers ufw's confirmation prompt
        (yes | ufw enable) >/dev/null 2>&1 &
        spinner
        printf '%b\n' " ${GREEN}${CHECK}${NC}"
      fi
      ;;
    rhel)
      if ! command -v firewall-cmd >/dev/null 2>&1; then
        printf '%b\n' "${YELLOW}${WARN} 未检测到Firewalld,跳过防火墙配置${NC}"
      else
        printf '%b\n' "${PURPLE}${FIRE} 使用Firewalld防火墙${NC}"
        printf '%b' " ${BLUE}配置规则..."
        firewall-cmd --permanent --add-port="$rule" >/dev/null 2>&1
        firewall-cmd --reload >/dev/null 2>&1 &
        spinner
        printf '%b\n' " ${GREEN}${CHECK}${NC}"
      fi
      ;;
    *)
      printf '%b\n' "${YELLOW}${WARN} 未知的系统组,跳过防火墙配置${NC}"
      ;;
  esac

  progress_bar 0.8
}
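# Write a minimal sshd jail for fail2ban and (re)start the service.
# Globals: SSH_PORT (read)
# Skips itself when fail2ban-client is not installed.
#
# Changes from the original: the log source is detected instead of being
# fixed to /var/log/auth.log (a jail pointing at a missing log file keeps
# fail2ban from starting); an existing jail.local is backed up before it is
# overwritten; the restart result is reported instead of always showing a
# check mark.
setup_fail2ban() {
  if ! command -v fail2ban-client >/dev/null 2>&1; then
    echo -e "${YELLOW}${WARN} 未检测到Fail2Ban,跳过配置${NC}"
    return
  fi

  echo -e "${BLUE}${FIRE} 正在配置fail2ban...${NC}"

  local jail=/etc/fail2ban/jail.local
  local log_line="" candidate job

  # First existing log file wins; /var/log/auth.log stays first so hosts
  # that have it get the same jail as before.
  for candidate in /var/log/auth.log /var/log/secure /var/log/messages; do
    if [ -f "$candidate" ]; then
      log_line="logpath = ${candidate}"
      break
    fi
  done
  # No text log at all: read the systemd journal instead
  if [ -z "$log_line" ]; then
    log_line="backend = systemd"
  fi

  if [ -f "$jail" ]; then
    cp -p -- "$jail" "${jail}.bak.$(date +%Y%m%d_%H%M%S)"
  fi

  # Simple fail2ban configuration
  cat >"$jail" <<EOF
[sshd]
enabled = true
port = ${SSH_PORT}
filter = sshd
${log_line}
maxretry = 3
bantime = 3600
findtime = 600
EOF

  echo -ne "${BLUE}${FIRE} 启动fail2ban服务..."
  systemctl enable fail2ban >/dev/null 2>&1
  systemctl restart fail2ban >/dev/null 2>&1 &
  job=$!
  # spinner reads $!, which still refers to the restart started above
  spinner
  if wait "$job"; then
    echo -e " ${GREEN}${CHECK}${NC}"
  else
    echo -e " ${RED}${CROSS}${NC}"
    echo -e "${YELLOW}${WARN} fail2ban 启动失败,请执行 systemctl status fail2ban 查看原因${NC}"
  fi
  progress_bar 0.5
}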
# Print the generated private key with saving instructions.
# Globals: KEY_GENERATED, PRIVATE_KEY_CONTENT (read)
# Prints nothing unless a key was generated and its text is non-empty.
# NOTE(review): the key goes to the terminal in clear text, so it also ends
# up in scrollback and in any session recording.
show_private_key() {
  local rule="=============================================="

  if ! { [ "$KEY_GENERATED" = true ] && [ -n "$PRIVATE_KEY_CONTENT" ]; }; then
    return 0
  fi

  printf '%b\n' \
    "\n${CYAN}${rule}" \
    " ${YELLOW}${WARN} 重要: 请立即保存您的新SSH私钥 ${WARN}${NC}" \
    "${rule}" \
    "${WHITE}${SAVE} 保存说明:${NC}" \
    " ${BLUE}• ${WHITE}将以下内容完整复制并保存到您本地电脑的 .ssh 目录中${NC}" \
    " ${BLUE}• ${WHITE}文件名建议: id_ed25519_server${NC}" \
    " ${BLUE}• ${WHITE}保存后设置权限: ${GREEN}chmod 600 ~/.ssh/id_ed25519_server${NC}" \
    "" \
    "${WHITE}${KEY} SSH私钥内容:${NC}" \
    "${GREEN}${PRIVATE_KEY_CONTENT}${NC}" \
    "" \
    "${YELLOW}${WARN} 注意: 此私钥仅显示一次,请立即保存!${NC}" \
    "${CYAN}${rule}"
}
# Print the addresses, port and ssh command lines for reaching this host.
# Globals: PUBLIC_IP, LOCAL_IP, SSH_PORT (read)
# The LAN command line is added only when LOCAL_IP is set and not loopback.
show_connection_info() {
  printf '%b\n' \
    "${WHITE}${SERVER} SSH连接信息:${NC}" \
    " ${BLUE}• ${NET} 公网IP: ${GREEN}${PUBLIC_IP}${NC}" \
    " ${BLUE}• ${NET} 内网IP: ${GREEN}${LOCAL_IP}${NC}" \
    " ${BLUE}• ${CONF} SSH端口: ${GREEN}${SSH_PORT}${NC}" \
    "" \
    " ${BLUE}• ${KEY} 使用以下命令连接:${NC}" \
    " ${GREEN}ssh root@${PUBLIC_IP} -p ${SSH_PORT}${NC}"

  if [ -n "$LOCAL_IP" ] && [ "$LOCAL_IP" != "127.0.0.1" ]; then
    printf '%b\n' " ${GREEN}ssh root@${LOCAL_IP} -p ${SSH_PORT}${NC}"
  fi
}
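# Print which login methods are enabled, including the current root
# password when password login is on.
# Globals: PASSWORD_AUTH_ENABLED, ROOT_PASSWORD, KEY_GENERATED (read)
# NOTE(review): the root password is written to the terminal in clear text.
show_auth_info() {
  echo -e "${WHITE}${LOCK} 登录方式:${NC}"
  if [ "$PASSWORD_AUTH_ENABLED" = "yes" ]; then
    echo -e " ${BLUE}• ${PASS} 密码登录: ${GREEN}已启用${NC}"
    # %b expands the colour escapes, %s prints the password verbatim.
    # The original ran the password through `echo -e`, so a password
    # containing a backslash sequence was displayed differently from the
    # one that had actually been set.
    printf '%b%s%b\n' " ${YELLOW}• ${PASS} 当前root密码: ${GREEN}" "${ROOT_PASSWORD}" "${NC}"
  else
    echo -e " ${BLUE}• ${PASS} 密码登录: ${RED}已禁用${NC}"
  fi

  if [ "$KEY_GENERATED" = true ]; then
    echo -e " ${BLUE}• ${KEY} 密钥登录: ${GREEN}已启用 (新密钥已生成)${NC}"
  else
    echo -e " ${BLUE}• ${KEY} 密钥登录: ${GREEN}已启用 (请使用您自己的密钥)${NC}"
  fi
}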
# Print follow-up advice that matches the chosen login methods.
# Globals: PASSWORD_AUTH_ENABLED, KEY_GENERATED (read)
show_security_tips() {
  local rule="${CYAN}=============================================="
  local -a tips=()

  if [ "$PASSWORD_AUTH_ENABLED" = "yes" ]; then
    tips+=(" ${BLUE}• ${LOCK} 立即登录并修改密码 (执行: ${GREEN}passwd${BLUE})${NC}")
  fi
  if [ "$KEY_GENERATED" = true ]; then
    tips+=(" ${BLUE}• ${SAVE} 立即保存上面的私钥到安全位置${NC}")
  fi
  # Always shown, whatever the login method
  tips+=(" ${BLUE}• ${WARN} 记录密码/密钥后清除终端历史 (执行: ${GREEN}history -c${BLUE})${NC}")

  printf '%b\n' \
    "$rule" \
    "${WHITE}${INFO} 安全建议:${NC}" \
    "${tips[@]}" \
    "$rule"
}
# Collect the host's addresses and print the final report: connection data,
# login methods, the generated private key (if any) and security advice.
# Globals written: LOCAL_IP, PUBLIC_IP
# NOTE(review): the public address is whatever ifconfig.me or icanhazip.com
# answers to a plain curl request; the lookup tells those services about
# this host and the reply is not authenticated.
show_result() {
  local rule="=============================================="

  printf '%b' "${BLUE}${NET} 正在获取网络信息..."
  # First private-range IPv4 address (the 172\. pattern matches every
  # 172.x.x.x address, not only 172.16-31).
  LOCAL_IP=$( (
    ip -4 addr show |
      grep -E 'inet (10\.|172\.|192\.168\.)' |
      awk '{print $2}' |
      cut -d'/' -f1 |
      head -n1
  ) || echo "未知")
  PUBLIC_IP=$( (
    curl -s4 --connect-timeout 5 ifconfig.me ||
      curl -s4 --connect-timeout 5 icanhazip.com ||
      echo "无法获取"
  ) 2>/dev/null)
  printf '%b\n' " ${GREEN}${CHECK}${NC}"

  clear
  printf '%b\n' "${CYAN}"
  # Quoted delimiter: printed literally (art reproduced as shown on the page)
  cat <<'EOF'
_____ _ _ _ _ / ____| | | | | (_) | || | ___ _ __ ___ | | __ _| |_ _ ___ _ __ ___| || | / _ \| '_ ` _ \| |/ _` | __| |/ _ \| '__/ _ \ || |____ (_) | | | | | | | (_| | |_| | (_) | | | __/_| \_____\___/|_| |_| |_|_|\__,_|\__|_|\___/|_| \___(_)
EOF
  printf '%b\n' "${NC}"

  printf '%b\n' \
    "${CYAN}${rule}" \
    " ${SUCCESS} SSH 配置已完成 ${SUCCESS}" \
    "${rule}" \
    "${NC}"

  # Connection details
  show_connection_info
  printf '\n'

  # Enabled login methods
  show_auth_info

  # Private key, when one was generated
  show_private_key

  # Security advice
  show_security_tips

  printf '%b\n' \
    "${GREEN}${SUCCESS} 配置完成! 感谢使用本脚本! ${SUCCESS}${NC}" \
    "${CYAN}${rule}"

  # Closing reminder to test the connection
  printf '%b\n' \
    "\n${YELLOW}${INFO} 请立即测试SSH连接是否正常!${NC}" \
    "${YELLOW}${INFO} 如果无法连接,请检查防火墙和SELinux设置。${NC}"
}
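# Remove the script file after the run.
# $0 is the script path only when the script was started from a file; when
# it is fed to the shell another way, $0 names something else. The original
# ran `rm -f "$0"` unconditionally and always reported success; here the
# path must be an existing regular file, `--` keeps a leading dash from
# being read as an option, and the message reflects what happened.
self_delete() {
  echo -e "\n${YELLOW}${INFO} 正在清除脚本...${NC}"
  if [ -f "$0" ] && rm -f -- "$0"; then
    echo -e "${GREEN}${CHECK} 脚本已删除${NC}"
  else
    echo -e "${YELLOW}${WARN} 未能删除脚本文件: $0${NC}"
  fi
}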
# Main flow: run every stage once, in this fixed order. A stage's return
# status is not checked; only an explicit `exit` inside a stage (as in
# check_root) stops the run.
main() {
  local stage
  for stage in \
    show_banner \
    check_root \
    detect_system \
    install_deps \
    set_root_password \
    setup_ssh_key_auth \
    configure_ssh \
    setup_firewall \
    setup_fail2ban \
    show_result \
    self_delete; do
    "$stage"
  done
}
# Run the main function
main

使用方法
- 将脚本上传到服务器(与之前相同):
scp setup-ssh.sh username@your_server_ip:/var/www/html/
- 设置脚本的执行权限:
ssh username@your_server_ip
sudo chmod +x /var/www/html/setup-ssh.sh

一键命令示例
curl -sSL http://your_server_ip/setup-ssh.sh -o setup-ssh.sh && bash setup-ssh.sh

安全提示
- 默认密码:使用默认密码可能带来安全隐患,建议在生产环境中始终使用强密码。
- HTTPS:上面的一键命令通过明文 HTTP 下载脚本并以 root 身份执行,内容在传输途中可能被篡改;如果可能,请改用 HTTPS 提供和下载脚本,并在执行前先查看其内容。


