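#!/bin/bash
# One-shot hardening of a fresh Debian/Ubuntu host. Run once, as root:
#   1. pick a random sshd port in 20000-29999,
#   2. apt update/upgrade,
#   3. install Fail2ban + rsyslog and jail the new sshd port,
#   4. install a single authorized_keys entry for root,
#   5. disable password login and allow root only with a key.
#
# Optional environment overrides:
#   SSH_PORT    use this port instead of a random one
#   SSH_PUBKEY  public-key line for /root/.ssh/authorized_keys
#               (defaults to DEFAULT_PUBKEY below)
#
# The chosen port is printed at the end. Keep the current session open and
# confirm a second login on the new port before closing it, and make sure any
# firewall in front of the host allows that port.

set -euo pipefail

readonly SSH_DIR="/root/.ssh"
readonly AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"
readonly SSHD_CONFIG="/etc/ssh/sshd_config"
readonly JAIL_LOCAL="/etc/fail2ban/jail.local"
readonly DEFAULT_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4GtBuo9dezirPzwsmnyul3EwRWZFDweu1mCD7YCwt1QLFzjw3YYRpCTCDAoZOaKrV+G5W3awdidCCIWppi8QWjTG6SHvI0wo2Qszz6h5yr7znaRZlaBTKiCQsw7hhiFEVH69TclCFDNdkvbTn3cDAx8zBYYwiVnVBAqclnIlAWI9HQr8fCO5E2rJYQ4zaJZoiiJjNWk46bRtjvN1RyJ1Z1lX5zmYA6V5Wh9v54nSuI5zVlzzuox9sNJbyI3aLeBk37Z1Fc0GxkRwMlfuVHx6CZ/itHs8rVSv7oGVe+3yTu1SW2m+uVQtTXvh0+eFfajfVPpU69Jo0tOF2nlGlXkDBQ=='

# Random port in [20000, 29999] unless the caller supplied one.
SSH_PORT="${SSH_PORT:-$((RANDOM % 10000 + 20000))}"
SSH_PUBKEY="${SSH_PUBKEY:-$DEFAULT_PUBKEY}"
readonly SSH_PORT SSH_PUBKEY

# apt must never block on a prompt: there is nobody to answer it.
export DEBIAN_FRONTEND=noninteractive

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless running as root (EUID 0).
#######################################
require_root() {
  if [ "$EUID" -ne 0 ]; then
    echo "[Init]请以 root 权限运行此脚本。"
    exit 1
  fi
}

#######################################
# Refresh the package index and upgrade installed packages.
# Two separate statements so that set -e also catches a failed index update
# (inside `a && b` only the last command is checked).
#######################################
update_system() {
  echo "[Init]正在更新 APT..."
  apt-get update
  apt-get upgrade -y
}

#######################################
# Install Fail2ban (and rsyslog, which provides /var/log/auth.log) and write
# a jail for the new sshd port.
# Globals:  SSH_PORT (read), JAIL_LOCAL (written)
#######################################
setup_fail2ban() {
  echo "[Init]正在安装和配置 Fail2ban..."
  apt-get install -y fail2ban rsyslog
  systemctl enable --now fail2ban

  # Unquoted delimiter on purpose: $SSH_PORT must expand. The file is
  # replaced wholesale, which is what a first-run init script wants.
  cat <<EOF >"$JAIL_LOCAL"
#DEFAULT-START
[DEFAULT]
bantime = 600
findtime = 300
maxretry = 5
banaction = iptables-allports
action = %(action_mwl)s
#DEFAULT-END

[sshd]
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
port = $SSH_PORT
maxretry = 5
findtime = 300
bantime = 600
banaction = iptables-allports
action = %(action_mwl)s
logpath = /var/log/auth.log
EOF

  systemctl restart fail2ban
  echo "[Init]Fail2ban 安装并配置完成!"
}

#######################################
# Install the public key as root's only authorized key.
# Globals:  SSH_DIR, AUTHORIZED_KEYS, SSH_PUBKEY (read)
#######################################
install_root_key() {
  echo "[Init]正在配置 SSH 密钥登录..."
  mkdir -p -- "$SSH_DIR"
  chmod 700 -- "$SSH_DIR"

  # NOTE: this overwrites authorized_keys; any key previously authorized for
  # root stops working. Created under umask 077 so the file is never
  # world-readable, even briefly, before the chmod below.
  (umask 077; printf '%s\n' "$SSH_PUBKEY" >"$AUTHORIZED_KEYS")
  chmod 600 -- "$AUTHORIZED_KEYS"
  echo "[Init]公钥已导入!"
}

#######################################
# Switch sshd to the new port, disable password authentication and restrict
# root to key login. The config is validated before the daemon is restarted,
# because restarting on a broken config would cut off every session.
# Globals:  SSH_PORT, SSHD_CONFIG (read); SSHD_CONFIG and .bak (written)
#######################################
configure_sshd() {
  echo "[Init]正在配置 SSH 服务..."
  sed -i.bak \
    -e "s/^#*Port .*/Port $SSH_PORT/" \
    -e "s/^#*PasswordAuthentication .*/PasswordAuthentication no/" \
    -e "s/^#*PubkeyAuthentication .*/PubkeyAuthentication yes/" \
    -e "s/^#*PermitRootLogin .*/PermitRootLogin prohibit-password/" \
    -- "$SSHD_CONFIG"

  # The substitutions above only rewrite lines that already exist; append any
  # directive that the stock file did not contain at all.
  local directive
  for directive in \
      "Port $SSH_PORT" \
      "PasswordAuthentication no" \
      "PubkeyAuthentication yes" \
      "PermitRootLogin prohibit-password"; do
    if ! grep -q -- "^${directive%% *} " "$SSHD_CONFIG"; then
      printf '%s\n' "$directive" >>"$SSHD_CONFIG"
    fi
  done

  # Syntax check first; on failure put the original file back and stop so
  # the still-running sshd keeps its working configuration.
  if ! sshd -t; then
    mv -f -- "$SSHD_CONFIG.bak" "$SSHD_CONFIG"
    die "[Init]sshd 配置校验失败,已恢复备份,未重启 SSH 服务。"
  fi

  # Drop-ins under /etc/ssh/sshd_config.d (cloud images commonly ship one
  # that re-enables password login) are included before the main file and
  # take precedence, so check the *effective* value, not the text we edited.
  if ! sshd -T 2>/dev/null | grep -qix 'passwordauthentication no'; then
    die "[Init]生效的 sshd 配置仍允许密码登录,请检查 /etc/ssh/sshd_config.d/ 中的覆盖项。"
  fi

  systemctl restart sshd
  echo "[Init]SSH 配置完成!"
}

#######################################
# Show the connection details the operator needs next.
# Globals:  SSH_PORT (read)
#######################################
print_summary() {
  echo "[Init]所有步骤完成!请使用以下信息连接到您的服务器:"
  echo "[Init]-----------------------------------------"
  echo "[Init]SSH 端口:$SSH_PORT"
  echo "[Init]密钥认证已启用,密码登录已禁用。"
  echo "[Init]-----------------------------------------"
}

main() {
  require_root
  update_system
  setup_fail2ban
  install_root_key
  configure_sshd
  print_summary
}

main "$@"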