騰訊云輕量國內機dd網絡重裝debian并改回內網軟件源
- dd腳本
wget https://cdn.jsdelivr.net/gh/hiCasper/Shell@master/AutoReinstall.sh && chmod +x AutoReinstall.sh && bash AutoReinstall.sh原系統建議使用Ubuntu18.04鏡像,運行腳本后選擇Debian10
- 改回內網軟件源
cat <<EOF > /etc/apt/sources.list
deb http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb-src http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
EOF
apt-get update參考:http://mirrors.cloud.tencent.com/
Linux下SSH配置密鑰key登錄禁用密碼登錄
- 首先需要在ROOT用戶下操作步驟如下
1 創建用戶haoduck
useradd haoduck
2 創建haoduck用戶ssh密鑰文件夾
mkdir -p /home/haoduck/.ssh/chmod 700 /home/haoduck/.ssh/
3 創建公鑰文件
公鑰文件一般從自己的電腦上生成,諸如XShell、MobaXterm等工具都是可以生成的。這里就不贅述了
vim /home/haoduck/.ssh/authorized_keyschmod 600 /home/haoduck/.ssh/authorized_keyschown -R haoduck /home/haoduck/.ssh/ #設置文件所有者為新用戶haoduck
4 配置sudo權限(可選)
在最后添加一行haoduck ALL=(ALL) ALL或者haoduck ALL=(ALL) NOPASSWD: ALL,后者可以免密碼使用sudo
chmod u+w /etc/sudoersvim /etc/sudoerschmod u-w /etc/sudoers
5 修改sshd配置
vim /etc/ssh/sshd_config
密鑰登錄:找到以下內容去掉簽名的#號
#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile .ssh/authorized_keys
禁用密碼和ROOT登錄:
找到以下內容
PasswordAuthentication yes
PermitRootLogin yes
改為
PasswordAuthentication no
PermitRootLogin no
重啟sshdsystemctl restart sshd或systemctl restart ssh或service sshd restart或service ssh restart
- 一鍵腳本
#!/bin/bash
#username=${1:="haoduck"}
#pubkey=${2:="ssh-xxxxx"}
username="haoduck"
#pubkey="$(wget -qO- https://直鏈)"
pubkey="ssh-xxxxx"
#yum install -y sudo
#apt-get install -y sudo
useradd ${username}
mkdir -p /home/${username}/.ssh/
chmod 700 /home/${username}/.ssh/
echo $pubkey > /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
chown -R ${username} /home/${username}/.ssh/
#sudo配置
chmod u+w /etc/sudoers
echo "${username} ALL=(ALL) ALL" > /etc/sudoers.d/${username}
#echo "${username} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/${username}
#sshd配置
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
#sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
#sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" $sshd_file
systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart如果只需要用ROOT用戶,可以省略添加用戶的步驟,一鍵腳本如下:
#pubkey="$(wget -qO- https://直鏈)"
pubkey="ssh-xxxxx" #這里改成你的公鑰
mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
echo $pubkey > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
sed -i "s|#\?PermitRootLogin.*|PermitRootLogin yes|" $sshd_file
systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restartCentOS7+warp+wgcf+wireguard-go+wireguard-tools給VPS添加IPV6訪問,Ubuntu、Debian同理
本文以CentOS7 x64系統為例
- 一、安裝wireguard-go
Github地址:https://github.com/WireGuard/wireguard-go
編譯安裝
一些需要的軟件yum install -y wget git make
如果是debian/ubuntu:apt install -y wget git make
1.安裝golang1.16
wget https://golang.org/dl/go1.16.1.linux-amd64.tar.gz
tar xvf go1.16.1.linux-amd64.tar.gz -C /usr/local
cat <<EOF >> /etc/profile
#golang env config
export GO111MODULE=on
export GOROOT=/usr/local/go
export GOPATH=~/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
EOF
source /etc/profile2.拉取代碼并編譯
git clone https://git.zx2c4.com/wireguard-go.gitgit checkout 0.0.20201118cd wireguard-gomakemv wireguard-go /usr/local/sbin
下載編譯好的二進制文件安裝
一些需要的軟件yum install -y wget
如果是debian/ubuntu:apt install -y wget
wget https://github.com/peng4740/wireguard-go-builder/releases/download/0.0.20201118/wireguard-go-linux-amd64.tar.gztar zxf wireguard-go-linux-amd64.tar.gzmv wireguard-go /usr/local/sbinrm -f wireguard-go-linux-amd64.tar.gz
- 二、安裝wgcf
這個是用來生成warp配置的
Github地址:https://github.com/ViRb3/wgcf
安裝
wget https://github.com/ViRb3/wgcf/releases/download/v2.2.2/wgcf_2.2.2_linux_amd64 -O /usr/local/sbin/wgcfchmod +x /usr/local/sbin/wgcf
用wgcf生成配置
echo|wgcf registerwgcf generatesed -i '/0\.0\.0\.0\/0/d' wgcf-profile.conf#sed -i '/\:\:\/0/d' wgcf-profile.conf # 如果是IPV6VPS要添加IPV4則改用這個,上一條不要執行mkdir -p /etc/wireguardcp -f wgcf-profile.conf /etc/wireguard/wgcf.conf
- 三、安裝wireguard-tools
CentOS7:yum install -y wireguard-tools
如果提示找不到包安裝失敗了可能是沒有epel源,先安裝yum install epel-release -y
其他系統其實也是差不多的
Debian:
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.listprintf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstableapt updateapt install -y wireguard
Ubuntu:apt install -y wireguard
- 四、運行測試
1.啟動
wg-quick up wgcf
如果運行完就失聯了(VPS的SSH終端沒反應了)。先重啟VPS,檢查一下配置有沒有問題,可以復制評論給嗷嗷看看。
當然,也不用太擔心,如果你沒漏掉什么步驟,一般是不會有事的。
2.測試
curl ipv6.ip.sb
如果能正常顯示ip就正常
- 五、配置開機自啟(務必要運行測試過后再配置)
systemctl enable wg-quick@wgcf
? 版權聲明
THE END
暫無評論內容