修改公钥路径
This commit is contained in:
@@ -1,17 +1,17 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
echo "== NAS SSH 远程关机初始化脚本 =="
|
echo "== NAS SSH 远程关机初始化脚本(Root 模式) =="
|
||||||
echo "作者: wukongdaily"
|
echo "作者: wukongdaily"
|
||||||
echo "用途: 允许 OpenWrt 通过 SSH 安全关机 NAS"
|
echo "用途: 允许 OpenWrt 通过 SSH 密钥安全关机 NAS(fnOS 兼容)"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
if [ "$EUID" -eq 0 ]; then
|
# 必须使用 root
|
||||||
echo "❌ 请不要使用 root 运行此脚本"
|
if [ "$EUID" -ne 0 ]; then
|
||||||
|
echo "❌ 请使用 root 用户运行此脚本"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
USER_NAME="$(whoami)"
|
|
||||||
SYSTEMCTL_PATH="$(command -v systemctl)"
|
SYSTEMCTL_PATH="$(command -v systemctl)"
|
||||||
|
|
||||||
if [ -z "$SYSTEMCTL_PATH" ]; then
|
if [ -z "$SYSTEMCTL_PATH" ]; then
|
||||||
@@ -19,47 +19,42 @@ if [ -z "$SYSTEMCTL_PATH" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 自动检测可写家目录
|
SSH_DIR="/root/.ssh"
|
||||||
TEST_DIR="$HOME"
|
AUTH_KEYS="$SSH_DIR/authorized_keys"
|
||||||
if [ ! -w "$TEST_DIR" ]; then
|
|
||||||
echo "⚠ 当前 \$HOME ($HOME) 不可写,尝试使用 /vol1/1000"
|
|
||||||
TEST_DIR="/vol1/1000"
|
|
||||||
if [ ! -w "$TEST_DIR" ]; then
|
|
||||||
echo "❌ 没有可写目录,请手动设置 NAS_HOME 变量"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
NAS_HOME="$TEST_DIR"
|
echo "当前用户: root"
|
||||||
|
echo "systemctl 路径: $SYSTEMCTL_PATH"
|
||||||
echo "当前用户: $USER_NAME"
|
echo "SSH 公钥文件: $AUTH_KEYS"
|
||||||
echo "systemctl: $SYSTEMCTL_PATH"
|
|
||||||
echo "将使用目录: $NAS_HOME"
|
|
||||||
echo
|
echo
|
||||||
echo "将执行:"
|
echo "将执行以下操作:"
|
||||||
echo " - 初始化 ~/.ssh 权限"
|
echo " - 创建 /root/.ssh(如不存在)"
|
||||||
echo " - 配置 sudo 允许 poweroff"
|
echo " - 初始化 authorized_keys 权限"
|
||||||
|
echo " - 不修改 sudoers(直接使用 root)"
|
||||||
echo
|
echo
|
||||||
read -p "是否继续?[y/N]: " CONFIRM
|
read -p "是否继续?[y/N]: " CONFIRM
|
||||||
[[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 0
|
[[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 0
|
||||||
|
|
||||||
# SSH 目录
|
echo
|
||||||
mkdir -p "$NAS_HOME/.ssh"
|
echo "== 初始化 SSH 目录 =="
|
||||||
chmod 700 "$NAS_HOME/.ssh"
|
|
||||||
touch "$NAS_HOME/.ssh/authorized_keys"
|
|
||||||
chmod 600 "$NAS_HOME/.ssh/authorized_keys"
|
|
||||||
|
|
||||||
# sudo 规则
|
mkdir -p "$SSH_DIR"
|
||||||
SUDO_RULE="$USER_NAME ALL=(root) NOPASSWD:$SYSTEMCTL_PATH poweroff"
|
chmod 700 "$SSH_DIR"
|
||||||
|
|
||||||
if sudo grep -qF "$SUDO_RULE" /etc/sudoers; then
|
touch "$AUTH_KEYS"
|
||||||
echo "✔ sudo 规则已存在"
|
chmod 600 "$AUTH_KEYS"
|
||||||
else
|
|
||||||
echo "$SUDO_RULE" | sudo tee -a /etc/sudoers >/dev/null
|
echo "✔ SSH 目录与权限已设置"
|
||||||
echo "✔ sudo 规则已写入"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "🎉 初始化完成"
|
echo "🎉 初始化完成"
|
||||||
echo "测试命令:"
|
echo
|
||||||
echo " sudo $SYSTEMCTL_PATH poweroff"
|
echo "下一步你需要做的:"
|
||||||
|
echo "1️⃣ 将 OpenWrt 的 SSH 公钥追加到:"
|
||||||
|
echo " $AUTH_KEYS"
|
||||||
|
echo
|
||||||
|
echo "2️⃣ OpenWrt 侧测试命令:"
|
||||||
|
echo " ssh root@<NAS_IP> \"$SYSTEMCTL_PATH poweroff\""
|
||||||
|
echo
|
||||||
|
echo "⚠️ 建议:"
|
||||||
|
echo " - 该 key 只用于 OpenWrt 自动化"
|
||||||
|
echo " - 不要用于人工登录"
|
||||||
|
|||||||
Reference in New Issue
Block a user