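As a self-respecting MJJ, I have more small VPS boxes than I can count. If they all use password login, the odds of a successful brute-force attack go up considerably, which is not safe. Tools such as fail2ban can counter brute forcing, but logging in with a key still feels safer to me.
SSH Key Installer is a script that simplifies the SSH key setup process. With it, the whole setup comes down to a single command: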
bash <(curl -fsSL git.io/key.sh) -g P3TERX -d
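Syntax and options
bash <(curl -fsSL git.io/key.sh) [options...] <arg>
-o – Overwrite mode; only takes effect when written first
-g – Get the public key from GitHub; the argument is the GitHub username
-u – Get the public key from a URL; the argument is the URL
-f – Get the public key from a local file; the argument is the local file path
-p – Change the SSH port; the argument is the port number
-d – Disable password login
Once you have generated your own public and private key and stored them safely, this script installs the public key on each VPS with a single command. You only need to keep the private key file, and that one private key then logs you in to every VPS. It is one key that opens all the locks, instead of a separate key for each lock. Very convenient and secure!
Usage
Generating an SSH key pair
If you do not have a key yet, generate one first. Run the following command and press Enter at every prompt.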
ssh-keygen -t ecdsa -b 521
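TIPS: This method works in PowerShell or WSL on Windows 10 (1803 and later) and in the built-in terminals of Linux distributions and macOS, but it is not limited to these environments.
Background: a 521-bit ECDSA key is more secure than an RSA key and is faster to verify.
When the command finishes, two key files are created in the ~/.ssh directory: id_ecdsa is the private key and id_ecdsa.pub is the public key. The public key is the one to install on the remote host.
Background: the ~ symbol stands for the user's home directory. Its path depends on the currently logged-in user: on Linux an ordinary user's home directory is /home/username and root's is /root; on Windows 10 it is C:\Users\username; on macOS it is /Users/username.
Installing the public key
Getting the public key from GitHub
Add the public key on the GitHub key management page. For example, my username is P3TERX, so entering the following command on the host is all it takes: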
bash <(curl -fsSL git.io/key.sh) -g P3TERX
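Getting the public key from a URL
Upload the public key to a cloud drive and fetch it through the drive's link:
bash <(curl -fsSL git.io/key.sh) -u <replace with the direct link to the key>
Getting the public key from a local file
Transfer the public key to the VPS via FTP, then specify the path to the public key: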
bash <(curl -fsSL git.io/key.sh) -f ~/key.pub
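Overwrite mode
Overwrite mode (-o) overwrites the ~/.ssh/authorized_keys file, completely replacing the keys that were there before. The option only takes effect when written first, for example: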
bash <(curl -fsSL git.io/key.sh) -o -g P3TERX
or
bash <(curl -fsSL git.io/key.sh) -og P3TERX
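The script installs whatever text the GitHub, URL or file source returns, as long as it is not empty, and in overwrite mode that text replaces every existing key. The following is an added example, not part of key.sh (function names and the sample key are constructed), that filters fetched text down to lines that are structurally valid public keys before anything is written:

```shell
# Added example, not part of key.sh. Function names and the sample key are
# constructed for illustration.

valid_pubkey() {    # $1 = key type field, $2 = base64 blob field
    case "$1" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # The blob must be clean base64 ...
    printf '%s' "$2" | base64 -d >/dev/null 2>&1 || return 1
    # ... and must begin with a 4-byte length followed by the same type name
    # as field 1. Compare as hex so binary data never enters a shell variable.
    want=$(printf '%08x' "${#1}")$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')
    got=$(printf '%s' "$2" | base64 -d | od -An -v -tx1 | tr -d ' \n')
    case "$got" in "$want"?*) return 0 ;; *) return 1 ;; esac
}

# Reads candidate text on stdin, prints accepted lines on stdout and rejected
# line numbers on stderr. Fails if any line is rejected or none is accepted.
# Lines that start with authorized_keys options (command=, from=, ...) are
# rejected on purpose: fetched text should not be able to set them.
filter_pubkeys() {
    n=0 ok=0 bad=0
    while read -r ktype blob rest || [ -n "$ktype" ]; do
        n=$((n + 1))
        case "$ktype" in ''|'#'*) continue ;; esac
        if valid_pubkey "$ktype" "$blob"; then
            ok=$((ok + 1))
            printf '%s\n' "$ktype $blob${rest:+ $rest}"
        else
            bad=$((bad + 1))
            echo "line $n: not a public key, rejected" >&2
        fi
    done
    [ "$bad" -eq 0 ] && [ "$ok" -gt 0 ]
}

# Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes,
# followed by the kind of HTML page a share link can return instead of a key.
SAMPLE_BLOB=$(printf '\0\0\0\013ssh-ed25519\0\0\0\040%032d' 0 | base64 | tr -d '\n')
printf 'ssh-ed25519 %s constructed@example\n' "$SAMPLE_BLOB" | filter_pubkeys
printf '<html>Sign in to download</html>\n' | filter_pubkeys || echo "HTML rejected"
```

This is a structural check only; `ssh-keygen -l -f <file>` prints the fingerprint of each accepted key so it can be compared with the key pair generated earlier.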
Disabling password login
Once you have confirmed that key login works, disable password login:
bash <(curl -fsSL git.io/key.sh) -d
Changing the SSH port
Change the SSH port to 2222:
bash <(curl -fsSL git.io/key.sh) -p 2222
All in one
Install the key, change the port and disable password login in a single command:
bash <(curl -fsSL git.io/key.sh) -og P3TERX -p 2222 -d
Project:
P3TERX/SSH_Key_Installer: Install SSH keys via GitHub, URL or local files
Script backup:
#!/usr/bin/env bash
#=============================================================
# https://github.com/P3TERX/SSH_Key_Installer
# Description: Install SSH keys via GitHub, URL or local files
# Version: 2.7
# Author: P3TERX
# Blog: https://p3terx.com
#=============================================================

VERSION=2.7
RED_FONT_PREFIX="\033[31m"
LIGHT_GREEN_FONT_PREFIX="\033[1;32m"
FONT_COLOR_SUFFIX="\033[0m"
INFO="[${LIGHT_GREEN_FONT_PREFIX}INFO${FONT_COLOR_SUFFIX}]"
ERROR="[${RED_FONT_PREFIX}ERROR${FONT_COLOR_SUFFIX}]"
[ $EUID != 0 ] && SUDO=sudo

USAGE() {
    echo "
SSH Key Installer $VERSION

Usage:
  bash <(curl -fsSL git.io/key.sh) [options...] <arg>

Options:
  -o Overwrite mode, this option is valid at the top
  -g Get the public key from GitHub, the arguments is the GitHub ID
  -u Get the public key from the URL, the arguments is the URL
  -f Get the public key from the local file, the arguments is the local file path
  -p Change SSH port, the arguments is port number
  -d Disable password login"
}

if [ $# -eq 0 ]; then
    USAGE
    exit 1
fi

# Fetch every public key published for a GitHub account.
get_github_key() {
    if [ "${KEY_ID}" == '' ]; then
        read -e -p "Please enter the GitHub account:" KEY_ID
        [ "${KEY_ID}" == '' ] && echo -e "${ERROR} Invalid input." && exit 1
    fi
    echo -e "${INFO} The GitHub account is: ${KEY_ID}"
    echo -e "${INFO} Get key from GitHub..."
    PUB_KEY=$(curl -fsSL "https://github.com/${KEY_ID}.keys")
    if [ "${PUB_KEY}" == 'Not Found' ]; then
        echo -e "${ERROR} GitHub account not found."
        exit 1
    elif [ "${PUB_KEY}" == '' ]; then
        echo -e "${ERROR} This account ssh key does not exist."
        exit 1
    fi
}

# Fetch the public key from an arbitrary URL. The response is not checked here.
get_url_key() {
    if [ "${KEY_URL}" == '' ]; then
        read -e -p "Please enter the URL:" KEY_URL
        [ "${KEY_URL}" == '' ] && echo -e "${ERROR} Invalid input." && exit 1
    fi
    echo -e "${INFO} Get key from URL..."
    PUB_KEY=$(curl -fsSL "${KEY_URL}")
}

# Read the public key from a local file.
get_loacl_key() {
    if [ "${KEY_PATH}" == '' ]; then
        read -e -p "Please enter the path:" KEY_PATH
        [ "${KEY_PATH}" == '' ] && echo -e "${ERROR} Invalid input." && exit 1
    fi
    # Print the path itself; $(${KEY_PATH}) would try to execute the file.
    echo -e "${INFO} Get key from ${KEY_PATH}..."
    PUB_KEY=$(cat "${KEY_PATH}")
}

# Write PUB_KEY to ~/.ssh/authorized_keys (append, or replace with -o).
install_key() {
    [ "${PUB_KEY}" == '' ] && echo -e "${ERROR} ssh key does not exist." && exit 1
    if [ ! -f "${HOME}/.ssh/authorized_keys" ]; then
        echo -e "${INFO} '${HOME}/.ssh/authorized_keys' is missing..."
        echo -e "${INFO} Creating ${HOME}/.ssh/authorized_keys..."
        mkdir -p "${HOME}/.ssh/"
        touch "${HOME}/.ssh/authorized_keys"
        if [ ! -f "${HOME}/.ssh/authorized_keys" ]; then
            echo -e "${ERROR} Failed to create SSH key file."
            exit 1
        else
            echo -e "${INFO} Key file created, proceeding..."
        fi
    fi
    # printf writes the key text verbatim; echo -e would expand backslash
    # sequences found in fetched text.
    if [ "${OVERWRITE}" == 1 ]; then
        echo -e "${INFO} Overwriting SSH key..."
        printf '%s\n\n' "${PUB_KEY}" >"${HOME}/.ssh/authorized_keys"
    else
        echo -e "${INFO} Adding SSH key..."
        printf '\n%s\n\n' "${PUB_KEY}" >>"${HOME}/.ssh/authorized_keys"
    fi
    chmod 700 "${HOME}/.ssh/"
    chmod 600 "${HOME}/.ssh/authorized_keys"
    # -F matches the key as a fixed string, not as a regular expression.
    if grep -qF -- "${PUB_KEY}" "${HOME}/.ssh/authorized_keys"; then
        echo -e "${INFO} SSH Key installed successfully!"
    else
        echo -e "${ERROR} SSH key installation failed!"
        exit 1
    fi
}

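# Rewrite the Port line in sshd_config.
change_port() {
    # Reject anything that is not a number before it reaches sshd_config;
    # "-p -d", for example, would otherwise pass "-d" as the port.
    [[ "${SSH_PORT}" =~ ^[0-9]+$ ]] || {
        echo -e "${ERROR} Invalid port: ${SSH_PORT}"
        exit 1
    }
    echo -e "${INFO} Changing SSH port to ${SSH_PORT} ..."
    if [ "$(uname -o)" == Android ]; then
        # Append a plain "Port" line when none exists (no log prefix or colour
        # codes in the config file), otherwise rewrite the existing line.
        [[ -z $(grep "Port " "$PREFIX/etc/ssh/sshd_config") ]] &&
            echo "Port ${SSH_PORT}" >>"$PREFIX/etc/ssh/sshd_config" ||
            sed -i "s@.*\(Port \).*@\1${SSH_PORT}@" "$PREFIX/etc/ssh/sshd_config"
        [[ $(grep "Port " "$PREFIX/etc/ssh/sshd_config") ]] && {
            echo -e "${INFO} SSH port changed successfully!"
            RESTART_SSHD=2
        } || {
            RESTART_SSHD=0
            echo -e "${ERROR} SSH port change failed!"
            exit 1
        }
    else
        $SUDO sed -i "s@.*\(Port \).*@\1${SSH_PORT}@" /etc/ssh/sshd_config && {
            echo -e "${INFO} SSH port changed successfully!"
            RESTART_SSHD=1
        } || {
            RESTART_SSHD=0
            echo -e "${ERROR} SSH port change failed!"
            exit 1
        }
    fi
}
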
# Set PasswordAuthentication to "no" in sshd_config. Only lines that already
# contain the keyword are rewritten; nothing is appended if none exists.
disable_password() {
    if [ "$(uname -o)" == Android ]; then
        sed -i "s@.*\(PasswordAuthentication \).*@\1no@" "$PREFIX/etc/ssh/sshd_config" && {
            RESTART_SSHD=2
            echo -e "${INFO} Disabled password login in SSH."
        } || {
            RESTART_SSHD=0
            echo -e "${ERROR} Disable password login failed!"
            exit 1
        }
    else
        $SUDO sed -i "s@.*\(PasswordAuthentication \).*@\1no@" /etc/ssh/sshd_config && {
            RESTART_SSHD=1
            echo -e "${INFO} Disabled password login in SSH."
        } || {
            RESTART_SSHD=0
            echo -e "${ERROR} Disable password login failed!"
            exit 1
        }
    fi
}

while getopts "og:u:f:p:d" OPT; do
    case $OPT in
    o)
        OVERWRITE=1
        ;;
    g)
        KEY_ID=$OPTARG
        get_github_key
        install_key
        ;;
    u)
        KEY_URL=$OPTARG
        get_url_key
        install_key
        ;;
    f)
        KEY_PATH=$OPTARG
        get_loacl_key
        install_key
        ;;
    p)
        SSH_PORT=$OPTARG
        change_port
        ;;
    d)
        disable_password
        ;;
    ?)
        USAGE
        exit 1
        ;;
    :)
        USAGE
        exit 1
        ;;
    *)
        USAGE
        exit 1
        ;;
    esac
done

if [ "$RESTART_SSHD" = 1 ]; then
    echo -e "${INFO} Restarting sshd..."
    $SUDO systemctl restart sshd && echo -e "${INFO} Done."
elif [ "$RESTART_SSHD" = 2 ]; then
    echo -e "${INFO} Restart sshd or Termux App to take effect."
fi