183 lines
5.6 KiB
Bash
183 lines
5.6 KiB
Bash
#!/bin/bash
|
||
declare pick
|
||
echo "========Login========"
|
||
echo "1.修改root密码"
|
||
echo "2.ssh安装密钥"
|
||
echo "3.新建用户"
|
||
echo "4.管理ssh登录方式"
|
||
echo "5.更换ssh端口"
|
||
echo "任意输入返回主菜单"
|
||
echo "========Login========"
|
||
read -p "请输入要使用的功能:" pick
|
||
|
||
|
||
case $pick in
|
||
1)
|
||
declare password
|
||
read -p "请输入root密码:" password
|
||
echo "root:$password" |sudo chpasswd
|
||
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
|
||
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
|
||
sudo systemctl restart sshd.service
|
||
echo "修改成功当前root密码为:$password"
|
||
;;
|
||
2)
|
||
declare key
|
||
echo "请输入公钥或文件路径:"
|
||
echo "默认:$HOME/.ssh/id_rsa.pub"
|
||
read -p "回车默认:" key
|
||
|
||
if [[ -z $key ]];then
|
||
key="$HOME/.ssh/id_rsa.pub"
|
||
fi
|
||
|
||
if [[ -f $key ]];then
|
||
key=$(cat "$key")
|
||
fi
|
||
if [[ ! $key =~ ^ssh-(rsa|ecdsa-sha2-nistp[0-9]+|ed25519|dss) ]];then
|
||
echo "公钥不合法"
|
||
exit 1
|
||
fi
|
||
|
||
mkdir -p "$HOME/.ssh"
|
||
echo "$key" > "$HOME/.ssh/authorized_keys"
|
||
|
||
chmod 600 "$HOME/.ssh/authorized_keys"
|
||
chmod 700 "$HOME/.ssh"
|
||
|
||
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
|
||
|
||
declare pick2
|
||
echo "是否关闭密码登录:"
|
||
read -p "输入 n 取消关闭:" pick2
|
||
|
||
if [[ ! $pick2 =~ [Nn] ]];then
|
||
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
||
fi
|
||
|
||
|
||
sudo systemctl restart sshd.service
|
||
|
||
echo "密钥安装完成"
|
||
;;
|
||
3)
|
||
declare user_name
|
||
read -p "请输入你想创建的用户名:" user_name
|
||
|
||
if id "$user_name" &>/dev/null; then
|
||
echo "用户 $user_name 已存在。"
|
||
exit 1
|
||
fi
|
||
|
||
useradd -m -s /bin/bash "$user_name"
|
||
|
||
if grep -q "^$user_name " /etc/sudoers;then
|
||
sudo sed -i "s/^#\?$user_name.*/lsy ALL=(ALL) NOPASSWD: ALL/g" /etc/sudoers
|
||
else
|
||
sudo echo "lsy ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||
fi
|
||
|
||
|
||
declare pick
|
||
echo "用户登录方式"
|
||
echo "y.密码登录"
|
||
echo "n.使用root用户公钥"
|
||
read -p "默认y,请输入:" pick
|
||
if [[ ! $pick =~ [Nn] ]];then
|
||
declare password
|
||
read -p "请输入密码:" password
|
||
echo "$user_name:$password" |sudo chpasswd
|
||
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config;
|
||
echo "创建成功"
|
||
echo "账号:$user_name"
|
||
echo "密码:$password"
|
||
else
|
||
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
|
||
su "$user_name" -c "mkdir -p '/home/$user_name/.ssh'"
|
||
sudo cp "/root/.ssh/authorized_keys" "/home/$user_name/.ssh/authorized_keys"
|
||
sudo chown lsy:lsy "/home/$user_name/.ssh/authorized_keys"
|
||
su "$user_name" -c "chmod 600 '/home/$user_name/.ssh/authorized_keys'"
|
||
su "$user_name" -c "chmod 700 '/home/$user_name/.ssh/'"
|
||
|
||
echo "创建成功"
|
||
echo "账号:$user_name"
|
||
echo "密钥登录"
|
||
fi
|
||
|
||
declare pick2
|
||
echo "是否关闭root登录"
|
||
read -p "输入 n 取消关闭:" pick2
|
||
|
||
if [[ ! $pick2 =~ [Nn] ]];then
|
||
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
|
||
echo "root用户登录已关闭"
|
||
fi
|
||
|
||
sudo systemctl restart sshd.service
|
||
|
||
;;
|
||
4)
|
||
declare pick_root
|
||
declare pick2_key
|
||
declare pick2_password
|
||
echo "是否关闭root登录"
|
||
read -p "输入 n 关闭:" pick_root
|
||
echo "是否关闭密码登录"
|
||
read -p "输入 n 关闭:" pick2_password
|
||
echo "是否关闭密钥登录"
|
||
read -p "输入 n 关闭:" pick2_key
|
||
|
||
if [[ ! $pick_root =~ [Nn] ]];then
|
||
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
|
||
echo "root用户登录:开启"
|
||
else
|
||
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
|
||
echo "root用户登录:关闭"
|
||
fi
|
||
|
||
if [[ ! $pick2_password =~ [Nn] ]];then
|
||
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
|
||
echo "密码登录:开启"
|
||
else
|
||
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
||
echo "密码登录:关闭"
|
||
fi
|
||
|
||
if [[ ! $pick2_key =~ [Nn] ]];then
|
||
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
|
||
echo "密钥登录:开启"
|
||
else
|
||
sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication no/g' /etc/ssh/sshd_config
|
||
echo "密钥登录:关闭"
|
||
fi
|
||
|
||
sudo systemctl restart sshd.service
|
||
;;
|
||
5)
|
||
read -p "请输入需要修改的端口号(默认22): " port_number
|
||
|
||
if [[ -z $port_number ]];then
|
||
port_number=22
|
||
fi
|
||
|
||
if ! [[ $port_number =~ ^[0-9]+$ ]] || ! ((port_number > 0 && port_number < 65535)); then
|
||
echo "端口不合法"
|
||
exit
|
||
fi
|
||
|
||
if sudo lsof -i :$port_number -t >/dev/null; then
|
||
echo "$port_number 端口已被占用"
|
||
exit
|
||
fi
|
||
|
||
sudo sed -i "s/^#\?Port.*/Port $port_number/g" /etc/ssh/sshd_config
|
||
|
||
sudo systemctl restart sshd.service
|
||
|
||
echo "端口已经修改为$port_number,记得防火墙放行"
|
||
;;
|
||
*)
|
||
clear
|
||
esac
|
||
|