427e1f5cf2
- frontend: 加 @types/node / vite/client 类型声明 - frontend: tsconfig 加 types: [node, vite/client] - scripts: deploy_remote.sh 用 sg docker + dc() 函数避免引号问题 - scripts: deploy_remote.sh ufw 改用 \ 变量
55 lines
1.7 KiB
Python
55 lines
1.7 KiB
Python
import os, sys, paramiko
|
|
HOST = "207.57.129.228"
|
|
PORT = 19717
|
|
USER = "root"
|
|
PW = os.environ.get("REMOTE_PASS", "")
|
|
PUB = os.path.expanduser("~/.ssh/id_rsa.pub")
|
|
if not PW:
|
|
print("REMOTE_PASS not set", file=sys.stderr); sys.exit(2)
|
|
|
|
c = paramiko.SSHClient()
|
|
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
try:
|
|
c.connect(HOST, port=PORT, username=USER, password=PW, timeout=15, allow_agent=False, look_for_keys=False)
|
|
except Exception as e:
|
|
print("CONNECT FAIL:", e, file=sys.stderr); sys.exit(1)
|
|
|
|
def run(cmd, check=False):
|
|
si, so, se = c.exec_command(cmd, timeout=15)
|
|
out = so.read().decode("utf-8", "replace")
|
|
err = se.read().decode("utf-8", "replace")
|
|
if out: print(out, end="")
|
|
if err: print("[err]", err, end="", file=sys.stderr)
|
|
if check and (so.channel.recv_exit_status() != 0):
|
|
raise SystemExit(f"cmd failed: {cmd}")
|
|
|
|
run("mkdir -p /root/.ssh && chmod 700 /root/.ssh")
|
|
run("touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys")
|
|
|
|
pub = open(PUB, encoding="utf-8").read().strip()
|
|
marker = "news-deploy-key"
|
|
if marker not in pub:
|
|
pub = pub + " " + marker
|
|
|
|
# 用 sftp 写文件(避免 shell 转义)
|
|
sftp = c.open_sftp()
|
|
ak_path = "/root/.ssh/authorized_keys"
|
|
existing = ""
|
|
try:
|
|
with sftp.open(ak_path, "r") as f:
|
|
existing = f.read().decode("utf-8", "replace")
|
|
except IOError:
|
|
pass
|
|
|
|
if marker in existing:
|
|
print("[ok] public key already present, skip")
|
|
else:
|
|
with sftp.open(ak_path, "a") as f:
|
|
f.write(pub + "\n")
|
|
print("[ok] appended public key to", ak_path)
|
|
|
|
sftp.close()
|
|
run("ls -la /root/.ssh/ && echo '---' && wc -l /root/.ssh/authorized_keys")
|
|
c.close()
|
|
print("DONE")
|