LamGC/quickly-conf-sshd
1
0
Fork 0
mirror of https://github.com/LamGC/quickly-conf-sshd.git synced 2025-10-31 00:26:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

一个看起来基本完成的测试版本,需要测试。

Browse Source
This commit is contained in:
LamGC
2023-01-28 14:10:39 +08:00
parent 55e79bef46
commit de1f094a3e
3 changed files with 248 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
conf-sshd.sh Normal file
View File

@ -0,0 +1,188 @@
# 默认获取 SSH key 的地方,一般是 Github.
sshkey_url="https://github.com/LamGC.keys"
# 默认的 Cron 执行计划, 每天凌晨 0 点执行
default_cron="0 0 * * *"
# 脚本 Url
script_url="{{ script_url }}"
script_params=$@
has_param() {
for param in $script_params; do
for tParam in $script_params; do
if [ "$tParam" == "$param" ]; then
echo "true"
return
fi
done
done
echo "false"
}
get_param_value() {
$find=false
for param in $script_params; do
if [ "$find" == "true" ]; then
echo $param
return
fi
if [ "$param" == "$1" ]; then
if [[ $param == -* ]]; then
return
fi
find=true
fi
done
}
# 检查并更新 SSH key 地址.
if [ $(has_param "-k" "--sshkey-url") == "true" ]; then
new_sshkey_url=$(get_param_value "-k" "--sshkey-url")
if [ "$new_sshkey_url" == "" ]; then
echo "Please specify the URL of the SSH public key."
exit 1
fi
sshkey_url=$new_sshkey_url
fi
# 帮助信息.
if [ $(has_param "-h" "--help") == "true" ]; then
echo "Usage: $0 [options]"
echo "Options:"
echo " -h, --help Print this help message."
echo ""
echo "Available to any user: "
echo " -k, --sshkey-url The URL of the SSH public key."
echo " -c, --cron [cron | false] Configure Crontab to automatically update ssh keys,"
echo " Cron expression can be specified, If false is specified, "
echo " Crontab settings will be deleted automatically."
echo ""
echo " -o, --only-update-keys Only update SSH keys, do not configure ssh server."
echo " -u, --update-self Update this script to the latest version."
echo ""
echo "only available when the script is executed as root:"
echo " -n, --no-install-sshd Do not install SSH Server."
echo " -p, --allow-root-passwd <yes | no> Allow Root to log in with a password."
exit 0
fi
update_sshkeys() {
if [ "$sshkey_url" == "" ]; then
echo "Please specify the URL of the SSH public key."
exit 1
fi
echo "Downloading SSH public key from `$sshkey_url`"
mkdir -p ~/.ssh
ssh_keys=$(curl -s $sshkey_url)
if [ $? -ne 0 ] || [ "$ssh_keys" == "" ]; then
echo "Failed to download SSH public key at $(date '+%Y-%m-%d %H:%M:%S')"
exit 1
fi
curl -s $sshkey_url > ~/.ssh/authorized_keys || (echo "Failed to download SSH public key." && exit 1)
chmod 600 ~/.ssh/authorized_keys
# 输出更新成功,需要附带时间日期
echo "SSH public key updated successfully at $(date '+%Y-%m-%d %H:%M:%S')"
}
# 检查是否只更新密钥.
if [ $(has_param "-o" "--only-update-keys") == "true" ]; then
update_sshkeys
exit 0
fi
# 检查是否指定了 --update-self
if [ $(has_param "-u" "--update-self") == "true" ]; then
cp $0 ~/.conf-sshd/conf-sshd.sh.bak
curl -s $script_url > $0 || cp ~/.conf-sshd/conf-sshd.sh.bak $0 && echo "Script update failed at $(date '+%Y-%m-%d %H:%M:%S')" && exit 1
chmod +x ~/.conf-sshd/conf-sshd.sh
echo "Script updated successfully at $(date '+%Y-%m-%d %H:%M:%S')"
exit 0
fi
# 检查 /usr/sbin/sshd 是否存在,且 /usr/sbin/sshd 执行后退出代码为 0
/usr/sbin/sshd -T > /dev/null
if [ $? -ne 0 ] && [ $(has_param "-n" "--no-install-sshd") == "false" ]; then
if [ $(id -u) -eq 0 ]; then
echo "The ssh server is not installed, and the script is executed as root, so it will be installed."
if [ -f /etc/redhat-release ]; then
yum install -y openssh-server
elif [ -f /etc/debian_version ]; then
apt-get update
apt-get install -y openssh-server
fi
echo "The ssh server has been installed."
else
echo "The ssh server is not installed, but the script is executed as a non-root user and cannot be installed."
exit 1
fi
else
echo "The ssh server is already installed."
fi
# 检查是否指定了 --allow-root-passwd
if [ $(has_param "-p" "--allow-root-passwd") == "true" ]; then
# 检查当前用户是否为 root
if [ $(id -u) -eq 0 ]; then
# 获取参数值
allow_root_passwd=$(get_param_value "-p" "--allow-root-passwd" | tr '[:upper:]' '[:lower:]')
if [ "$allow_root_passwd" == "yes" ]; then
# 设置允许 root 使用密码登录
sed -i 's/PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
elif [ "$allow_root_passwd" == "no" ]; then
# 设置禁止 root 使用密码登录
sed -i 's/PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
else
echo "Please specify whether to allow root to log in with a password."
exit 1
fi
else
echo "The script is executed as a non-root user and cannot set whether to allow root to log in with a password."
exit 1
fi
fi
# 更新密钥.
update_sshkeys
# 检查是否指定了 --cron
if [ $(has_param "-c" "--cron") == "true" ]; then
# 检查 Crontab 是否已安装
if [ $(command -v crontab) == "" ]; then
if [ $(id -u) -eq 0 ]; then
echo "The crontab is not installed, and the script is executed as a root user, so it will be installed."
if [ -f /etc/redhat-release ]; then
yum install -y crontabs
elif [ -f /etc/debian_version ]; then
apt-get update
apt-get install -y cron
fi
echo "The crontab has been installed."
else
echo "The crontab is not installed, but the script is executed as a non-root user and cannot be installed."
exit 1
fi
else
echo "The crontab is already installed."
fi
cron=$(get_param_value "-c" "--cron" | tr '[:upper:]' '[:lower:]')
if [ "$cron" == "false" ]; then
# 检查 Crontab 是否已经设置
if [ "$(crontab -l | grep "conf-sshd.sh")" == "" ]; then
echo "Crontab will not be configured."
exit 0
else
crontab -l | grep -v "conf-sshd.sh" | crontab -
echo "Crontab has been removed."
exit 0
fi
else
if [ "$cron" == "" ]; then
cron=$default_cron
fi
# 将当前脚本移动到 ~/.conf-sshd/conf-sshd.sh 中.
mkdir -p ~/.conf-sshd
cp $0 ~/.conf-sshd/conf-sshd.sh
chmod +x ~/.conf-sshd/conf-sshd.sh
# 将当前脚本添加到 Crontab 中
echo "$cron /bin/bash ~/.conf-sshd/conf-sshd.sh -o -k $sshkey_url" | crontab -
fi
fi

57
install-ssh-worker/src/index.js Normal file
View File

@ -0,0 +1,57 @@
const githubUserName = "LamGC";
const githubInstSshProjectName = "quickly-conf-sshd";
// 一般不用改.
const baseUrl = `https://${githubUserName.toLowerCase()}.github.io/${githubInstSshProjectName}/`;
const installScriptUrl = `${baseUrl}/conf-sshd.sh`;
// 如果出现 Github 无法使用的情况, 可以修改 sshKeyUrl 来变更位置.
const sshKeyUrl = `https://github.com/${githubUserName}.keys`;
// 建议在此设置备用的 SSH 公钥, 以防 Github 无法使用.
const backupSshKeys = ``;
function getUserAgent(request) {
return request.headers.get("User-Agent");
}
export default {
async fetch(request, env) {
const { pathname } = new URL(request.url);
if (pathname === "/ssh.keys") {
let response = await fetch(new Request(sshKeyUrl));
if (response.ok) {
return new Response(response.text(), {
headers: {
"content-type": "text/plain; charset=utf-8"
}
});
} else {
return new Response("Failed to get keys.", {
status: 500,
statusText: "Failed to get keys",
headers: {
"content-type": "text/plain; charset=utf-8"
}
});
}
} else if (pathname === "/") {
const userAgent = getUserAgent(request);
if (userAgent.match(/curl|libcurl/) !== null) {
return new Response("", {
status: 301,
statusText: "Redirect",
headers: {
"Location": installScriptUrl
}
});
} else {
return new Response("", {
status: 301,
statusText: "Redirect",
headers: {
"Location": baseUrl
}
});
}
}
}
}

3
install-ssh-worker/wrangler.toml Normal file
View File

@ -0,0 +1,3 @@
name = "quickly-conf-ssh-worker"
main = "src/index.js"
compatibility_date = "2023-01-26"