forked from ToyoDAdoubi/doubi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ssh_port.sh
217 lines (213 loc) · 7.99 KB
/
ssh_port.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================
# System Required: Debian/Ubuntu
# Description: SSH modify port
# Version: 1.0.0
# Author: Toyo
# Blog: https://doub.io/linux-jc11/
#=================================================
sh_ver="1.0.0"
CONF="/etc/ssh/sshd_config"
SSH_init_1="/etc/init.d/ssh"
SSH_init_2="/etc/init.d/sshd"
if [[ -e ${SSH_init_1} ]]; then
SSH_init=${SSH_init_1}
elif [[ -e ${SSH_init_2} ]]; then
SSH_init=${SSH_init_2}
else
echo -e "${Error} 找不到 SSH 的服务脚本文件!" && exit 1
fi
bak_text="(可通过备份SSH配置文件复原:[ ${Green_font_prefix}rm -rf /etc/ssh/sshd_config && mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config && ${SSH_init} restart${Font_color_suffix} ])"
over_text="${Tip} 当服务器存在外部防火墙时(如 阿里云、腾讯云、微软云、谷歌云、亚马逊云等),需要外部防火墙开放 新SSH端口TCP协议方可连接!(如使用途中出现任何问题均可通过该代码复原:[ ${Green_font_prefix}rm -rf /etc/ssh/sshd_config && mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config && ${SSH_init} restart${Font_color_suffix} ] )"
Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}" && Error="${Red_font_prefix}[错误]${Font_color_suffix}" && Tip="${Green_font_prefix}[注意]${Font_color_suffix}"
filepath=$(cd "$(dirname "$0")"; pwd)
file=$(echo -e "${filepath}"|awk -F "$0" '{print $1}')
#检查系统
check_sys(){
if [[ -f /etc/redhat-release ]]; then
release="centos"
elif cat /etc/issue | grep -q -E -i "debian"; then
release="debian"
elif cat /etc/issue | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
elif cat /proc/version | grep -q -E -i "debian"; then
release="debian"
elif cat /proc/version | grep -q -E -i "ubuntu"; then
release="ubuntu"
elif cat /proc/version | grep -q -E -i "centos|red hat|redhat"; then
release="centos"
fi
#bit=`uname -m`
}
check_installed_status(){
[[ ! -e ${CONF} ]] && echo -e "${Error} SSH配置文件不存在[ ${CONF} ],请检查 !" && exit 1
}
check_pid(){
PID=$(ps -ef| grep '/usr/sbin/sshd'| grep -v grep| awk '{print $2}')
}
Read_config(){
port_all=$(cat ${CONF}|grep -v '#'|grep "Port "|awk '{print $2}')
if [[ -z ${port_all} ]]; then
port=22
else
port=${port_all}
fi
}
Set_port(){
while true
do
echo -e "\n旧SSH端口:${Green_font_prefix}[${port}]${Font_color_suffix}"
echo -e "请输入新的SSH端口 [1-65535]"
read -e -p "(输入为空则取消):" new_port
[[ -z "${new_port}" ]] && echo "取消..." && exit 1
echo $((${new_port}+0)) &>/dev/null
if [[ $? -eq 0 ]]; then
if [[ ${new_port} -ge 1 ]] && [[ ${new_port} -le 65535 ]]; then
if [[ ${new_port} == ${port} ]]; then
echo -e "输入错误, 新端口与旧端口一致。"
else
echo && echo "============================="
echo -e " 新端口 : ${Red_background_prefix} ${new_port} ${Font_color_suffix}"
echo "=============================" && echo
break
fi
else
echo -e "输入错误, 请输入正确的端口。"
fi
else
echo -e "输入错误, 请输入正确的端口。"
fi
done
}
choose_the_way(){
echo -e "请选择SSH端口修改方式:
1. 直接修改(直接修改旧端口为新端口,并且防火墙禁止旧端口 开放新端口)
2. 保守修改(不删除旧端口,先添加新端口,然后手动断开SSH链接并使用新端口尝试链接,如果链接正常,那么再次执行脚本删除旧端口配置)\n
一般来说修改SSH端口不会出现什么问题,但保守起见,我做了两个修改方式。
如果不懂请选 ${Green_font_prefix}[2. 保守修改]${Font_color_suffix},避免因为未知问题而导致修改后无法通过 新端口和旧端口 链接服务器!\n
${over_text}\n"
read -e -p "(默认: 2. 保守修改):" choose_the_way_num
[[ -z "${choose_the_way_num}" ]] && choose_the_way_num="2"
if [[ ${choose_the_way_num} == "1" ]]; then
cp -f "${CONF}" "/etc/ssh/sshd_config.bak"
Direct_modification
elif [[ ${choose_the_way_num} == "2" ]]; then
cp -f "${CONF}" "/etc/ssh/sshd_config.bak"
Conservative_modifications
else
echo -e "${Error} 请输入正确的数字 [1-2]" && exit 1
fi
}
Direct_modification(){
echo -e "${Info} 删除旧端口配置..."
sed -i "/Port ${port}/d" "${CONF}"
echo -e "${Info} 添加新端口配置..."
echo -e "\nPort ${new_port}" >> "${CONF}"
${SSH_init} restart
sleep 2s
check_pid
if [[ -z ${PID} ]]; then
echo -e "${Error} SSH 启动失败 !${bak_text}" && exit 1
else
port_status=$(netstat -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
if [[ -z ${port_status} ]]; then
echo -e "${Error} SSH 端口修改失败 !${bak_text}" && exit 1
else
Del_iptables_ACCEPT
Del_iptables_DROP
Add_iptables_ACCEPT
Add_iptables_DROP
Set_iptables
#rm -rf /etc/ssh/sshd_config.bak
echo -e "${Info} SSH 端口修改成功!新端口:[${Green_font_prefix}${new_port}${Font_color_suffix}]"
echo -e "${over_text}"
fi
fi
}
Conservative_modifications(){
if [[ $1 != "End" ]]; then
echo -e "${Info} 添加新端口配置..."
echo -e "\nPort ${new_port}" >> "${CONF}"
${SSH_init} restart
sleep 2s
check_pid
if [[ -z ${PID} ]]; then
echo -e "${Error} SSH 启动失败 !${bak_text}" && exit 1
else
port_status=$(netstat -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
if [[ -z ${port_status} ]]; then
echo -e "${Error} SSH 端口添加失败 !${bak_text}" && exit 1
else
Add_iptables_ACCEPT
Set_iptables
echo "${new_port}|${port}" > "${file}/ssh_port.conf"
echo -e "${Info} SSH 端口添加成功 !
请手动断开 SSH链接并使用新端口 ${Green_font_prefix}[${new_port}]${Font_color_suffix} 尝试链接,如无法链接 请通过旧端口 ${Green_font_prefix}[${port}]${Font_color_suffix} 链接,如链接正常 请链接后再次执行脚本${Green_font_prefix} [bash ${file}/ssh_port.sh end]${Font_color_suffix} 以删除旧端口配置!"
echo -e "${over_text}"
fi
fi
else
[[ ! -e "${file}/ssh_port.conf" ]] && echo -e "${Error} ${file}/ssh_port.conf 文件缺失 !" && exit 1
new_port=$(cat "${file}/ssh_port.conf"|awk -F '|' '{print $1}')
port=$(cat "${file}/ssh_port.conf"|awk -F '|' '{print $2}')
rm -rf "${file}/ssh_port.conf"
echo -e "${Info} 删除旧端口配置..."
sed -i "/Port ${port}/d" "${CONF}"
${SSH_init} restart
sleep 2s
check_pid
if [[ -z ${PID} ]]; then
echo -e "${Error} SSH 启动失败 !" && exit 1
else
Add_iptables_DROP
Set_iptables
#rm -rf /etc/ssh/sshd_config.bak
echo -e "${Info} 所有配置完成!新端口:[${Green_font_prefix}${new_port}${Font_color_suffix}]"
echo -e "${over_text}"
fi
fi
}
modify_ssh(){
Read_config
Set_port
choose_the_way
}
end_ssh(){
Conservative_modifications "End"
}
Add_iptables_ACCEPT(){
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${new_port} -j ACCEPT
}
Del_iptables_ACCEPT(){
iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport ${port} -j ACCEPT
}
Add_iptables_DROP(){
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${port} -j DROP
}
Del_iptables_DROP(){
iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport ${new_port} -j DROP
}
Set_iptables(){
iptables-save > /etc/iptables.up.rules
echo -e '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules' > /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables
}
check_sys
[[ ${release} != "debian" ]] && [[ ${release} != "ubuntu" ]] && echo -e "${Error} 本脚本不支持当前系统 ${release} !" && exit 1
check_installed_status
action=$1
[[ -z $1 ]] && action=modify
case "$action" in
modify|end)
${action}_ssh
;;
*)
echo "输入错误 !"
echo "用法: {modify|end}"
;;
esac