新增功能

- 从 URL 下载公钥（-url 参数）
- 完整 Alpine 支持（OpenRC / BusyBox / 无 systemctl 环境）
- 可选禁用密码登录（-disable-pass 参数）
- 完整兼容 systemd / service / openrc / init.d

dev/ssh-pub.sh

@@ -1,32 +1,40 @@
 #!/bin/bash
 
-# SSH公钥批量配置脚本
-# 用法: ./ssh-pub.sh -pub "your-public-key"
-
 set -euo pipefail
 
-# 默认配置
 DEFAULT_PORT=22
 SSH_PUB_KEY=""
 SSH_PORT="$DEFAULT_PORT"
+SSH_PUB_URL=""
+DISABLE_PASS=0
 
-# 参数解析
 usage() {
-    echo "用法: $0 -pub \"公钥内容\" [-port 端口号]"
-    echo "示例: $0 -pub \"ssh-ed25519 AAAAC3Nza..................\" -port 2222"
+    echo "用法: $0 -pub \"公钥内容\" [-url 公钥URL] [-port 端口] [-disable-pass]"
+    echo "示例:"
+    echo "  $0 -pub \"ssh-ed25519 AAAAC3N...\" -port 2222"
+    echo "  $0 -url \"https://example.com/id_ed25519.pub\""
     exit 1
 }
 
+# 参数解析
 while [[ $# -gt 0 ]]; do
     case $1 in
         -pub)
             SSH_PUB_KEY="$2"
             shift 2
             ;;
+        -url)
+            SSH_PUB_URL="$2"
+            shift 2
+            ;;
         -port)
             SSH_PORT="$2"
             shift 2
             ;;
+        -disable-pass)
+            DISABLE_PASS=1
+            shift 1
+            ;;
         -h|--help)
             usage
             ;;
@@ -37,13 +45,21 @@ while [[ $# -gt 0 ]]; do
     esac
 done
 
-# 检查必需参数
+if [[ -n "$SSH_PUB_URL" ]]; then
+    echo "从 URL 下载公钥: $SSH_PUB_URL"
+    SSH_PUB_KEY=$(curl -fsSL "$SSH_PUB_URL" || true)
+
     if [[ -z "$SSH_PUB_KEY" ]]; then
-    echo "错误: 必须指定公钥 (-pub)"
+        echo "错误: 无法从 URL 获取公钥"
+        exit 1
+    fi
+fi
+
+if [[ -z "$SSH_PUB_KEY" ]]; then
+    echo "错误: 必须提供公钥 (-pub 或 -url)"
     usage
 fi
 
-# 权限检查
 if [[ $EUID -ne 0 ]]; then
     echo "需要 root 权限，正在提升..."
     exec sudo "$0" "$@"
@@ -51,7 +67,6 @@ fi
 
 echo "开始配置 SSH..."
 
-# SSH配置文件路径检测
 SSHD_CONFIG=""
 for config in /etc/ssh/sshd_config /etc/sshd_config; do
     if [[ -f "$config" ]]; then
@@ -61,41 +76,46 @@ for config in /etc/ssh/sshd_config /etc/sshd_config; do
 done
 
 if [[ -z "$SSHD_CONFIG" ]]; then
-    echo "错误: 未找到SSH配置文件"
+    echo "错误: 未找到 sshd_config"
     exit 1
 fi
 
-# 备份原配置
-cp "$SSHD_CONFIG" "${SSHD_CONFIG}.backup.$(date +%s)"
+# 备份
+backup="$SSHD_CONFIG.backup.$(date +%s)"
+cp "$SSHD_CONFIG" "$backup"
+echo "已备份到: $backup"
 
-# 配置SSH
 configure_ssh() {
-    # 允许root登录
     if grep -q "^PermitRootLogin" "$SSHD_CONFIG"; then
         sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' "$SSHD_CONFIG"
     else
         echo "PermitRootLogin yes" >> "$SSHD_CONFIG"
     fi
 
-    # 设置端口
     if grep -q "^Port" "$SSHD_CONFIG"; then
         sed -i "s/^Port.*/Port $SSH_PORT/" "$SSHD_CONFIG"
     else
         echo "Port $SSH_PORT" >> "$SSHD_CONFIG"
     fi
 
-    # 确保密钥认证开启
     if ! grep -q "^PubkeyAuthentication yes" "$SSHD_CONFIG"; then
         echo "PubkeyAuthentication yes" >> "$SSHD_CONFIG"
     fi
+
+    if [[ $DISABLE_PASS -eq 1 ]]; then
+        if grep -q "^PasswordAuthentication" "$SSHD_CONFIG"; then
+            sed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONFIG"
+        else
+            echo "PasswordAuthentication no" >> "$SSHD_CONFIG"
+        fi
+        echo "已禁用密码登录"
+    fi
 }
 
-# 设置SSH密钥
 setup_ssh_key() {
     mkdir -p /root/.ssh
     chmod 700 /root/.ssh
 
-    # 写入公钥，避免重复
     if ! grep -Fxq "$SSH_PUB_KEY" /root/.ssh/authorized_keys 2>/dev/null; then
         echo "$SSH_PUB_KEY" >> /root/.ssh/authorized_keys
     fi
@@ -104,53 +124,58 @@ setup_ssh_key() {
     chown -R root:root /root/.ssh
 }
 
-# 重启SSH服务 - 兼容多种系统
 restart_ssh() {
-    local ssh_service=""
 
-    # 检测SSH服务名称
-    for service in sshd ssh; do
-        if systemctl list-unit-files --type=service 2>/dev/null | grep -q "^${service}.service"; then
-            ssh_service="$service"
-            break
-        fi
-    done
-    
-    if [[ -n "$ssh_service" ]]; then
-        if systemctl restart "$ssh_service" 2>/dev/null; then
+    for svc in sshd ssh; do
+        if command -v systemctl >/dev/null 2>&1; then
+            if systemctl list-unit-files | grep -q "^${svc}.service"; then
+                if systemctl restart "$svc" 2>/dev/null; then
                     echo "SSH 服务已重启 (systemctl)"
                     return 0
                 fi
             fi
+        fi
+    done
 
-    # 回退到传统方式
-    for cmd in "service ssh restart" "service sshd restart" "/etc/init.d/ssh restart" "/etc/init.d/sshd restart"; do
+    for cmd in "service ssh restart" "service sshd restart"; do
         if $cmd 2>/dev/null; then
-            echo "SSH服务已重启 (传统方式)"
+            echo "SSH 服务已重启 (service)"
             return 0
         fi
     done
 
-    echo "警告: 无法自动重启SSH服务，请手动重启"
+    for cmd in "/etc/init.d/ssh restart" "/etc/init.d/sshd restart"; do
+        if $cmd 2>/dev/null; then
+            echo "SSH 服务已重启 (init.d)"
+            return 0
+        fi
+    done
+
+    if command -v rc-service >/dev/null 2>&1; then
+        if rc-service sshd restart 2>/dev/null; then
+            echo "SSH 服务已重启 (OpenRC)"
+            return 0
+        fi
+    fi
+
+    echo "警告: 无法自动重启 SSH，请手动重启"
     return 1
 }
 
-# 执行配置
 configure_ssh
 setup_ssh_key
 
-# 验证配置
 if sshd -t 2>/dev/null; then
     echo "SSH 配置验证通过"
     restart_ssh
 else
     echo "错误: SSH 配置有误，正在恢复备份..."
-    cp "${SSHD_CONFIG}.backup."* "$SSHD_CONFIG" 2>/dev/null || true
+    cp "$backup" "$SSHD_CONFIG"
     exit 1
 fi
 
-# 显示结果
 echo -e "\n配置完成:"
-echo "Root登录: 已启用"
+echo "root 登录: 已启用"
 echo "SSH 端口: $SSH_PORT"
-echo "公钥已添加到: /root/.ssh/authorized_keys"
+echo "公钥已写入: /root/.ssh/authorized_keys"
+[[ $DISABLE_PASS -eq 1 ]] && echo "密码登录: 已禁用"