新增SSH公钥

2024-07-13 02:59:40 +08:00 · 2024-07-13 02:59:40 +08:00 · d4541281a6
commit d4541281a6
parent 1174563c4f
2 changed files with 42 additions and 0 deletions
--- a/ssh/add_ssh_pubkey/README.md
+++ b/ssh/add_ssh_pubkey/README.md
@ -0,0 +1 @@
+# 新增SSH公钥
--- a/ssh/add_ssh_pubkey/add_ssh_pubkey.sh
+++ b/ssh/add_ssh_pubkey/add_ssh_pubkey.sh
@ -0,0 +1,41 @@
+#!/bin/bash
+
+# 检查是否提供了公钥参数
+if [ -z "$1" ]; then
+  echo "Usage: $0 <ssh-public-key>"
+  exit 1
+fi
+
+# 公钥变量
+SSH_KEY="$1"
+
+# 创建 .ssh 目录并设置权限
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+
+# 将公钥添加到 authorized_keys 文件
+echo "$SSH_KEY" >> ~/.ssh/authorized_keys
+chmod 600 ~/.ssh/authorized_keys
+
+# 检查并配置sshd_config文件
+SSHD_CONFIG="/etc/ssh/sshd_config"
+if grep -q "^#PasswordAuthentication" $SSHD_CONFIG; then
+    sudo sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' $SSHD_CONFIG
+elif grep -q "^PasswordAuthentication" $SSHD_CONFIG; then
+    sudo sed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' $SSHD_CONFIG
+else
+    echo "PasswordAuthentication no" | sudo tee -a $SSHD_CONFIG
+fi
+
+if grep -q "^#PermitRootLogin" $SSHD_CONFIG; then
+    sudo sed -i 's/^#PermitRootLogin.*/PermitRootLogin prohibit-password/' $SSHD_CONFIG
+elif grep -q "^PermitRootLogin" $SSHD_CONFIG; then
+    sudo sed -i 's/^PermitRootLogin.*/PermitRootLogin prohibit-password/' $SSHD_CONFIG
+else
+    echo "PermitRootLogin prohibit-password" | sudo tee -a $SSHD_CONFIG
+fi
+
+# 重启ssh服务以应用更改
+sudo systemctl restart sshd
+
+echo "SSH key added and password login disabled."