update 01
This commit is contained in:
66
push-sshkey-to-fnos.sh
Normal file
66
push-sshkey-to-fnos.sh
Normal file
@@ -0,0 +1,66 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# ===== 参数 =====
|
||||
USER_NAME="$1"
|
||||
NAS_IP="$2"
|
||||
|
||||
KEY_DIR="/root/.ssh"
|
||||
KEY_NAME="id_dropbear"
|
||||
PRIV_KEY="$KEY_DIR/$KEY_NAME"
|
||||
PUB_KEY="$KEY_DIR/$KEY_NAME.pub"
|
||||
|
||||
TARGET_HOME="/home/$USER_NAME"
|
||||
TARGET_SSH_DIR="$TARGET_HOME/.ssh"
|
||||
TARGET_AUTH_KEYS="$TARGET_SSH_DIR/authorized_keys"
|
||||
|
||||
# ===== 参数检查 =====
|
||||
if [ -z "$USER_NAME" ] || [ -z "$NAS_IP" ]; then
|
||||
echo "用法: $0 <飞牛用户名> <飞牛IP>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# ===== 阶段一:在 OpenWrt 上生成 SSH 密钥 =====
|
||||
echo "== [1/2] 检查并生成 SSH 密钥 =="
|
||||
|
||||
if [ ! -d "$KEY_DIR" ]; then
|
||||
mkdir -p "$KEY_DIR"
|
||||
chmod 700 "$KEY_DIR"
|
||||
fi
|
||||
|
||||
if [ ! -f "$PRIV_KEY" ]; then
|
||||
echo "未发现 SSH 密钥,开始生成(ed25519)..."
|
||||
ssh-keygen -t ed25519 -f "$PRIV_KEY" -N ""
|
||||
else
|
||||
echo "已存在 SSH 密钥,跳过生成"
|
||||
fi
|
||||
|
||||
# ===== 阶段二:推送公钥到飞牛 NAS =====
|
||||
echo "== [2/2] 推送公钥到飞牛 NAS =="
|
||||
|
||||
ssh "$USER_NAME@$NAS_IP" "
|
||||
set -e
|
||||
|
||||
# 确保 /home/用户名 存在(飞牛首次安装时需要)
|
||||
if [ ! -d \"$TARGET_HOME\" ]; then
|
||||
sudo mkdir -p \"$TARGET_HOME\"
|
||||
sudo chown $USER_NAME:$USER_NAME \"$TARGET_HOME\"
|
||||
sudo chmod 755 \"$TARGET_HOME\"
|
||||
fi
|
||||
|
||||
# 创建 .ssh 目录
|
||||
sudo mkdir -p \"$TARGET_SSH_DIR\"
|
||||
sudo chown $USER_NAME:$USER_NAME \"$TARGET_SSH_DIR\"
|
||||
sudo chmod 700 \"$TARGET_SSH_DIR\"
|
||||
|
||||
# 准备 authorized_keys
|
||||
sudo touch \"$TARGET_AUTH_KEYS\"
|
||||
sudo chown $USER_NAME:$USER_NAME \"$TARGET_AUTH_KEYS\"
|
||||
sudo chmod 600 \"$TARGET_AUTH_KEYS\"
|
||||
"
|
||||
|
||||
# 写入公钥
|
||||
cat "$PUB_KEY" | ssh "$USER_NAME@$NAS_IP" \
|
||||
"cat >> $TARGET_AUTH_KEYS"
|
||||
|
||||
echo "✅ SSH 免密登录配置完成:$USER_NAME@$NAS_IP"
|
||||
@@ -1,60 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
echo "== NAS SSH 远程关机初始化脚本(Root 模式) =="
|
||||
echo "作者: wukongdaily"
|
||||
echo "用途: 允许 OpenWrt 通过 SSH 密钥安全关机 NAS(fnOS 兼容)"
|
||||
echo
|
||||
|
||||
# 必须使用 root
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "❌ 请使用 root 用户运行此脚本"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SYSTEMCTL_PATH="$(command -v systemctl)"
|
||||
|
||||
if [ -z "$SYSTEMCTL_PATH" ]; then
|
||||
echo "❌ 未检测到 systemctl(非 systemd 系统)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SSH_DIR="/root/.ssh"
|
||||
AUTH_KEYS="$SSH_DIR/authorized_keys"
|
||||
|
||||
echo "当前用户: root"
|
||||
echo "systemctl 路径: $SYSTEMCTL_PATH"
|
||||
echo "SSH 公钥文件: $AUTH_KEYS"
|
||||
echo
|
||||
echo "将执行以下操作:"
|
||||
echo " - 创建 /root/.ssh(如不存在)"
|
||||
echo " - 初始化 authorized_keys 权限"
|
||||
echo " - 不修改 sudoers(直接使用 root)"
|
||||
echo
|
||||
read -p "是否继续?[y/N]: " CONFIRM
|
||||
[[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 0
|
||||
|
||||
echo
|
||||
echo "== 初始化 SSH 目录 =="
|
||||
|
||||
mkdir -p "$SSH_DIR"
|
||||
chmod 700 "$SSH_DIR"
|
||||
|
||||
touch "$AUTH_KEYS"
|
||||
chmod 600 "$AUTH_KEYS"
|
||||
|
||||
echo "✔ SSH 目录与权限已设置"
|
||||
|
||||
echo
|
||||
echo "🎉 初始化完成"
|
||||
echo
|
||||
echo "下一步你需要做的:"
|
||||
echo "1️⃣ 将 OpenWrt 的 SSH 公钥追加到:"
|
||||
echo " $AUTH_KEYS"
|
||||
echo
|
||||
echo "2️⃣ OpenWrt 侧测试命令:"
|
||||
echo " ssh root@<NAS_IP> \"$SYSTEMCTL_PATH poweroff\""
|
||||
echo
|
||||
echo "⚠️ 建议:"
|
||||
echo " - 该 key 只用于 OpenWrt 自动化"
|
||||
echo " - 不要用于人工登录"
|
||||
Reference in New Issue
Block a user