scripts/_push_key.py

import os, sys, paramiko
HOST = "207.57.129.228"
PORT = 19717
USER = "root"
PW = os.environ.get("REMOTE_PASS", "")
PUB = os.path.expanduser("~/.ssh/id_rsa.pub")
if not PW:
    print("REMOTE_PASS not set", file=sys.stderr); sys.exit(2)

c = paramiko.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
    c.connect(HOST, port=PORT, username=USER, password=PW, timeout=15, allow_agent=False, look_for_keys=False)
except Exception as e:
    print("CONNECT FAIL:", e, file=sys.stderr); sys.exit(1)

def run(cmd, check=False):
    si, so, se = c.exec_command(cmd, timeout=15)
    out = so.read().decode("utf-8", "replace")
    err = se.read().decode("utf-8", "replace")
    if out: print(out, end="")
    if err: print("[err]", err, end="", file=sys.stderr)
    if check and (so.channel.recv_exit_status() != 0):
        raise SystemExit(f"cmd failed: {cmd}")

run("mkdir -p /root/.ssh && chmod 700 /root/.ssh")
run("touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys")

pub = open(PUB, encoding="utf-8").read().strip()
marker = "news-deploy-key"
if marker not in pub:
    pub = pub + " " + marker

# 用 sftp 写文件(避免 shell 转义)
sftp = c.open_sftp()
ak_path = "/root/.ssh/authorized_keys"
existing = ""
try:
    with sftp.open(ak_path, "r") as f:
        existing = f.read().decode("utf-8", "replace")
except IOError:
    pass

if marker in existing:
    print("[ok] public key already present, skip")
else:
    with sftp.open(ak_path, "a") as f:
        f.write(pub + "\n")
    print("[ok] appended public key to", ak_path)

sftp.close()
run("ls -la /root/.ssh/ && echo '---' && wc -l /root/.ssh/authorized_keys")
c.close()
print("DONE")
fix: 前端类型修复(@types/node + vite-env.d.ts + ufw SSHD_PORT) - frontend: 加 @types/node / vite/client 类型声明 - frontend: tsconfig 加 types: [node, vite/client] - scripts: deploy_remote.sh 用 sg docker + dc() 函数避免引号问题 - scripts: deploy_remote.sh ufw 改用 \ 变量 2026-06-07 23:04:06 +08:00			`import os, sys, paramiko`
			`HOST = "207.57.129.228"`
			`PORT = 19717`
			`USER = "root"`
			`PW = os.environ.get("REMOTE_PASS", "")`
			`PUB = os.path.expanduser("~/.ssh/id_rsa.pub")`
			`if not PW:`
			`print("REMOTE_PASS not set", file=sys.stderr); sys.exit(2)`

			`c = paramiko.SSHClient()`
			`c.set_missing_host_key_policy(paramiko.AutoAddPolicy())`
			`try:`
			`c.connect(HOST, port=PORT, username=USER, password=PW, timeout=15, allow_agent=False, look_for_keys=False)`
			`except Exception as e:`
			`print("CONNECT FAIL:", e, file=sys.stderr); sys.exit(1)`

			`def run(cmd, check=False):`
			`si, so, se = c.exec_command(cmd, timeout=15)`
			`out = so.read().decode("utf-8", "replace")`
			`err = se.read().decode("utf-8", "replace")`
			`if out: print(out, end="")`
			`if err: print("[err]", err, end="", file=sys.stderr)`
			`if check and (so.channel.recv_exit_status() != 0):`
			`raise SystemExit(f"cmd failed: {cmd}")`

			`run("mkdir -p /root/.ssh && chmod 700 /root/.ssh")`
			`run("touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys")`

			`pub = open(PUB, encoding="utf-8").read().strip()`
			`marker = "news-deploy-key"`
			`if marker not in pub:`
			`pub = pub + " " + marker`

			`# 用 sftp 写文件(避免 shell 转义)`
			`sftp = c.open_sftp()`
			`ak_path = "/root/.ssh/authorized_keys"`
			`existing = ""`
			`try:`
			`with sftp.open(ak_path, "r") as f:`
			`existing = f.read().decode("utf-8", "replace")`
			`except IOError:`
			`pass`

			`if marker in existing:`
			`print("[ok] public key already present, skip")`
			`else:`
			`with sftp.open(ak_path, "a") as f:`
			`f.write(pub + "\n")`
			`print("[ok] appended public key to", ak_path)`

			`sftp.close()`
			`run("ls -la /root/.ssh/ && echo '---' && wc -l /root/.ssh/authorized_keys")`
			`c.close()`
			`print("DONE")`