From de1f094a3e846c451a4ddbe702e09659103eaa1a Mon Sep 17 00:00:00 2001
From: LamGC
Date: Sat, 28 Jan 2023 14:10:39 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=80=E4=B8=AA=E7=9C=8B=E8=B5=B7=E6=9D=A5?= =?UTF-8?q?=E5=9F=BA=E6=9C=AC=E5=AE=8C=E6=88=90=E7=9A=84=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E7=89=88=E6=9C=AC=EF=BC=8C=E9=9C=80=E8=A6=81=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
conf-sshd.sh | 188 +++++++++++++++++++++++++++++++
install-ssh-worker/src/index.js | 57 ++++++++++
install-ssh-worker/wrangler.toml | 3 +
3 files changed, 248 insertions(+)
create mode 100644 conf-sshd.sh
create mode 100644 install-ssh-worker/src/index.js
create mode 100644 install-ssh-worker/wrangler.toml
diff --git a/conf-sshd.sh b/conf-sshd.sh
new file mode 100644
index 0000000..cff379c
--- /dev/null
+++ b/conf-sshd.sh
@@ -0,0 +1,188 @@
+# 默认获取 SSH key 的地方,一般是 Github.
+sshkey_url="https://github.com/LamGC.keys"
+# 默认的 Cron 执行计划, 每天凌晨 0 点执行
+default_cron="0 0 * * *"
+# 脚本 Url
+script_url="{{ script_url }}"
+
+script_params=$@
+has_param() {
+ for param in $script_params; do
+ for tParam in $script_params; do
+ if [ "$tParam" == "$param" ]; then
+ echo "true"
+ return
+ fi
+ done
+ done
+ echo "false"
+}
+
+get_param_value() {
+ $find=false
+ for param in $script_params; do
+ if [ "$find" == "true" ]; then
+ echo $param
+ return
+ fi
+ if [ "$param" == "$1" ]; then
+ if [[ $param == -* ]]; then
+ return
+ fi
+ find=true
+ fi
+ done
+}
+
+# 检查并更新 SSH key 地址.
+if [ $(has_param "-k" "--sshkey-url") == "true" ]; then
+ new_sshkey_url=$(get_param_value "-k" "--sshkey-url")
+ if [ "$new_sshkey_url" == "" ]; then
+ echo "Please specify the URL of the SSH public key."
+ exit 1
+ fi
+ sshkey_url=$new_sshkey_url
+fi
+
+# 帮助信息.
+if [ $(has_param "-h" "--help") == "true" ]; then
+ echo "Usage: $0 [options]"
+ echo "Options:"
+ echo " -h, --help Print this help message."
+ echo ""
+ echo "Available to any user: "
+ echo " -k, --sshkey-url The URL of the SSH public key."
+ echo " -c, --cron [cron | false] Configure Crontab to automatically update ssh keys,"
+ echo " Cron expression can be specified, If false is specified, "
+ echo " Crontab settings will be deleted automatically."
+ echo ""
+ echo " -o, --only-update-keys Only update SSH keys, do not configure ssh server."
+ echo " -u, --update-self Update this script to the latest version."
+ echo ""
+ echo "only available when the script is executed as root:"
+ echo " -n, --no-install-sshd Do not install SSH Server."
+ echo " -p, --allow-root-passwd Allow Root to log in with a password."
+ exit 0
+fi
+
+update_sshkeys() {
+ if [ "$sshkey_url" == "" ]; then
+ echo "Please specify the URL of the SSH public key."
+ exit 1
+ fi
+ echo "Downloading SSH public key from `$sshkey_url`"
+ mkdir -p ~/.ssh
+ ssh_keys=$(curl -s $sshkey_url)
+ if [ $? -ne 0 ] || [ "$ssh_keys" == "" ]; then
+ echo "Failed to download SSH public key at $(date '+%Y-%m-%d %H:%M:%S')"
+ exit 1
+ fi
+ curl -s $sshkey_url > ~/.ssh/authorized_keys || (echo "Failed to download SSH public key." && exit 1)
+ chmod 600 ~/.ssh/authorized_keys
+ # 输出更新成功,需要附带时间日期
+ echo "SSH public key updated successfully at $(date '+%Y-%m-%d %H:%M:%S')"
+}
+
+# 检查是否只更新密钥.
+if [ $(has_param "-o" "--only-update-keys") == "true" ]; then
+ update_sshkeys
+ exit 0
+fi
+
+# 检查是否指定了 --update-self
+if [ $(has_param "-u" "--update-self") == "true" ]; then
+ cp $0 ~/.conf-sshd/conf-sshd.sh.bak
+ curl -s $script_url > $0 || cp ~/.conf-sshd/conf-sshd.sh.bak $0 && echo "Script update failed at $(date '+%Y-%m-%d %H:%M:%S')" && exit 1
+ chmod +x ~/.conf-sshd/conf-sshd.sh
+ echo "Script updated successfully at $(date '+%Y-%m-%d %H:%M:%S')"
+ exit 0
+fi
+
+# 检查 /usr/sbin/sshd 是否存在,且 /usr/sbin/sshd 执行后退出代码为 0
+/usr/sbin/sshd -T > /dev/null
+if [ $? -ne 0 ] && [ $(has_param "-n" "--no-install-sshd") == "false" ]; then
+ if [ $(id -u) -eq 0 ]; then
+ echo "The ssh server is not installed, and the script is executed as root, so it will be installed."
+ if [ -f /etc/redhat-release ]; then
+ yum install -y openssh-server
+ elif [ -f /etc/debian_version ]; then
+ apt-get update
+ apt-get install -y openssh-server
+ fi
+ echo "The ssh server has been installed."
+ else
+ echo "The ssh server is not installed, but the script is executed as a non-root user and cannot be installed."
+ exit 1
+ fi
+else
+ echo "The ssh server is already installed."
+fi
+
+# 检查是否指定了 --allow-root-passwd
+if [ $(has_param "-p" "--allow-root-passwd") == "true" ]; then
+ # 检查当前用户是否为 root
+ if [ $(id -u) -eq 0 ]; then
+ # 获取参数值
+ allow_root_passwd=$(get_param_value "-p" "--allow-root-passwd" | tr '[:upper:]' '[:lower:]')
+ if [ "$allow_root_passwd" == "yes" ]; then
+ # 设置允许 root 使用密码登录
+ sed -i 's/PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
+ elif [ "$allow_root_passwd" == "no" ]; then
+ # 设置禁止 root 使用密码登录
+ sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
+ else
+ echo "Please specify whether to allow root to log in with a password."
+ exit 1
+ fi
+ else
+ echo "The script is executed as a non-root user and cannot set whether to allow root to log in with a password."
+ exit 1
+ fi
+fi
+
+# 更新密钥.
+update_sshkeys
+
+# 检查是否指定了 --cron
+if [ $(has_param "-c" "--cron") == "true" ]; then
+ # 检查 Crontab 是否已安装
+ if [ $(command -v crontab) == "" ]; then
+ if [ $(id -u) -eq 0 ]; then
+ echo "The crontab is not installed, and the script is executed as a root user, so it will be installed."
+ if [ -f /etc/redhat-release ]; then
+ yum install -y crontabs
+ elif [ -f /etc/debian_version ]; then
+ apt-get update
+ apt-get install -y cron
+ fi
+ echo "The crontab has been installed."
+ else
+ echo "The crontab is not installed, but the script is executed as a non-root user and cannot be installed."
+ exit 1
+ fi
+ else
+ echo "The crontab is already installed."
+ fi
+ cron=$(get_param_value "-c" "--cron" | tr '[:upper:]' '[:lower:]')
+ if [ "$cron" == "false" ]; then
+ # 检查 Crontab 是否已经设置
+ if [ "$(crontab -l | grep "conf-sshd.sh")" == "" ]; then
+ echo "Crontab will not be configured."
+ exit 0
+ else
+ crontab -l | grep -v "conf-sshd.sh" | crontab -
+ echo "Crontab has been removed."
+ exit 0
+ fi
+ else
+ if [ "$cron" == "" ]; then
+ cron=$default_cron
+ fi
+ # 将当前脚本移动到 ~/.conf-sshd/conf-sshd.sh 中.
+ mkdir -p ~/.conf-sshd
+ cp $0 ~/.conf-sshd/conf-sshd.sh
+ chmod +x ~/.conf-sshd/conf-sshd.sh
+ # 将当前脚本添加到 Crontab 中
+ echo "$cron /bin/bash ~/.conf-sshd/conf-sshd.sh -o -k $sshkey_url" | crontab -
+ fi
+fi
diff --git a/install-ssh-worker/src/index.js b/install-ssh-worker/src/index.js
new file mode 100644
index 0000000..e034950
--- /dev/null
+++ b/install-ssh-worker/src/index.js
@@ -0,0 +1,57 @@
+const githubUserName = "LamGC";
+const githubInstSshProjectName = "quickly-conf-sshd";
+
+// 一般不用改.
+const baseUrl = `https://${githubUserName.toLowerCase()}.github.io/${githubInstSshProjectName}/`;
+const installScriptUrl = `${baseUrl}/conf-sshd.sh`;
+// 如果出现 Github 无法使用的情况, 可以修改 sshKeyUrl 来变更位置.
+const sshKeyUrl = `https://github.com/${githubUserName}.keys`;
+// 建议在此设置备用的 SSH 公钥, 以防 Github 无法使用.
+const backupSshKeys = ``;
+
+function getUserAgent(request) {
+ return request.headers.get("User-Agent");
+}
+
+export default {
+ async fetch(request, env) {
+ const { pathname } = new URL(request.url);
+ if (pathname === "/ssh.keys") {
+ let response = await fetch(new Request(sshKeyUrl));
+ if (response.ok) {
+ return new Response(response.text(), {
+ headers: {
+ "content-type": "text/plain; charset=utf-8"
+ }
+ });
+ } else {
+ return new Response("Failed to get keys.", {
+ status: 500,
+ statusText: "Failed to get keys",
+ headers: {
+ "content-type": "text/plain; charset=utf-8"
+ }
+ });
+ }
+ } else if (pathname === "/") {
+ const userAgent = getUserAgent(request);
+ if (userAgent.match(/curl|libcurl/) !== null) {
+ return new Response("", {
+ status: 301,
+ statusText: "Redirect",
+ headers: {
+ "Location": installScriptUrl
+ }
+ });
+ } else {
+ return new Response("", {
+ status: 301,
+ statusText: "Redirect",
+ headers: {
+ "Location": baseUrl
+ }
+ });
+ }
+ }
+ }
+}
diff --git a/install-ssh-worker/wrangler.toml b/install-ssh-worker/wrangler.toml
new file mode 100644
index 0000000..956a932
--- /dev/null
+++ b/install-ssh-worker/wrangler.toml
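Review bot: In conf-sshd.sh, `update_sshkeys` checks one download held in `$ssh_keys` but then runs a second, unchecked `curl -s $sshkey_url > ~/.ssh/authorized_keys`, so the file that grants login is never the content that was validated. The redirect truncates `authorized_keys` before curl runs, and `-s` without `-f` saves an HTTP error page as if it were keys, so a failed second fetch can leave the account without a usable key; the `(echo … && exit 1)` subshell does not stop the script either. Write the already-checked value to a temporary file in `~/.ssh`, confirm it reads as public keys, and rename it into place, as sketched below. In the same function the echo line wraps `$sshkey_url` in backticks inside a double-quoted string, which the shell treats as command substitution, so the URL text is executed as a command; plain quotes avoid that.

```shell
update_sshkeys() {
    # … unchanged: empty-URL check …
    echo "Downloading SSH public key from '$sshkey_url'"
    mkdir -p ~/.ssh
    # -f: treat HTTP errors as failures instead of saving the error page
    ssh_keys=$(curl -fsS "$sshkey_url")
    # … unchanged: exit 1 when curl failed or returned nothing …
    tmp_keys=$(mktemp ~/.ssh/authorized_keys.XXXXXX) || exit 1
    printf '%s\n' "$ssh_keys" > "$tmp_keys"
    # Refuse content that ssh-keygen cannot read as public keys
    if ! ssh-keygen -l -f "$tmp_keys" > /dev/null; then
        rm -f "$tmp_keys"
        echo "Downloaded data is not a valid SSH public key list."
        exit 1
    fi
    chmod 600 "$tmp_keys"
    # Rename within ~/.ssh so the old file stays intact until the new one is ready
    mv "$tmp_keys" ~/.ssh/authorized_keys
    # … unchanged: success message …
```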
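Review bot: In the `/ssh.keys` branch of index.js, `new Response(response.text(), …)` passes a Promise as the body because `text()` is not awaited, so clients most likely receive the string `[object Promise]` instead of the keys, and a conf-sshd.sh run pointed at this worker with `-k` would treat that non-empty body as a successful download. Change the line to `return new Response(await response.text(), {`. In the `/` branch `request.headers.get("User-Agent")` returns null when the header is absent, so `userAgent.match(...)` throws; `const userAgent = getUserAgent(request) ?? "";` avoids that. Any path other than `/ssh.keys` and `/` falls through without a Response, so the handler should end with `return new Response("Not found", { status: 404 });`.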
@@ -0,0 +1,3 @@
+name = "quickly-conf-ssh-worker"
+main = "src/index.js"
+compatibility_date = "2023-01-26"