427e1f5cf2
- frontend: 加 @types/node / vite/client 类型声明 - frontend: tsconfig 加 types: [node, vite/client] - scripts: deploy_remote.sh 用 sg docker + dc() 函数避免引号问题 - scripts: deploy_remote.sh ufw 改用 \ 变量
38 lines
1.5 KiB
Python
38 lines
1.5 KiB
Python
import os, sys, paramiko
|
|
PW = os.environ.get("REMOTE_PASS", "")
|
|
c = paramiko.SSHClient()
|
|
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
c.connect("207.57.129.228", port=19717, username="root", password=PW, timeout=15, allow_agent=False, look_for_keys=False)
|
|
def run(cmd, allow_fail=False):
|
|
print(f"$ {cmd}")
|
|
si, so, se = c.exec_command(cmd, timeout=20)
|
|
out = so.read().decode("utf-8", "replace")
|
|
err = se.read().decode("utf-8", "replace")
|
|
rc = so.channel.recv_exit_status()
|
|
if out: print(out, end="")
|
|
if err: print("[err]", err, end="", file=sys.stderr)
|
|
print(f" -> rc={rc}")
|
|
if rc != 0 and not allow_fail:
|
|
raise SystemExit(f"failed: {cmd}")
|
|
return out, err, rc
|
|
|
|
# 1) 备份
|
|
run("cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.$(date +%s)")
|
|
# 2) 改 PubkeyAuthentication
|
|
run("sed -i -E 's/^#?\\s*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config")
|
|
# 3) 确认
|
|
run("grep -n '^[^#]*PubkeyAuthentication' /etc/ssh/sshd_config")
|
|
# 4) 语法检查
|
|
run("sshd -t && echo 'sshd config OK'")
|
|
# 5) 重启(用 service 或 systemctl,Ubuntu 24 用 systemd)
|
|
# 先试 systemctl,失败回退 service
|
|
out, _, _ = run("systemctl is-active ssh 2>/dev/null || systemctl is-active sshd 2>/dev/null || echo NONE", allow_fail=True)
|
|
if "active" in out:
|
|
run("systemctl restart ssh || systemctl restart sshd")
|
|
else:
|
|
run("service ssh restart || service sshd restart")
|
|
# 6) 再确认 sshd 配置生效
|
|
run("sshd -T 2>/dev/null | grep -i pubkeyauth")
|
|
c.close()
|
|
print("DONE")
|