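Tencent Cloud Lighthouse (mainland China instance): reinstalling Debian over the network with dd and switching back to the internal package mirror
- dd script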
wget https://cdn.jsdelivr.net/gh/hiCasper/Shell@master/AutoReinstall.sh && chmod +x AutoReinstall.sh && bash AutoReinstall.sh
It is recommended to start from the Ubuntu 18.04 image; after running the script, choose Debian 10.
- Switch back to the internal package mirror
cat <<EOF > /etc/apt/sources.list
deb http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb-src http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
EOF
apt-get update
Reference: http://mirrors.cloud.tencent.com/
Configuring SSH key login and disabling password login on Linux
- First, carry out the following steps as the root user
1 Create the user haoduck
useradd haoduck
2 Create the SSH key directory for user haoduck
mkdir -p /home/haoduck/.ssh/
chmod 700 /home/haoduck/.ssh/
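3 Create the public key file
The public key is normally generated on your own computer; tools such as XShell and MobaXterm can generate one, so that is not covered here.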
vim /home/haoduck/.ssh/authorized_keys
chmod 600 /home/haoduck/.ssh/authorized_keys
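chown -R haoduck /home/haoduck/.ssh/ #set the owner to the new user haoduck
4 Configure sudo privileges (optional)
Append the following line at the end: haoduck ALL=(ALL) ALL
or: haoduck ALL=(ALL) NOPASSWD: ALL
The latter allows sudo without entering a password.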
chmod u+w /etc/sudoers
vim /etc/sudoers
chmod u-w /etc/sudoers
5 Edit the sshd configuration
vim /etc/ssh/sshd_config
Key login: find the following lines and remove the leading # sign
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
Disable password login and root login:
Find the following lines
PasswordAuthentication yes
PermitRootLogin yes
Change them to
PasswordAuthentication no
PermitRootLogin no
Restart sshd: systemctl restart sshd
or systemctl restart ssh
or service sshd restart
or service ssh restart
- One-shot script
#!/bin/bash
#username=${1:-"haoduck"}
#pubkey=${2:-"ssh-xxxxx"}
username="haoduck"
#pubkey="$(wget -qO- https://<direct-link>)"
pubkey="ssh-xxxxx"
#yum install -y sudo
#apt-get install -y sudo
useradd ${username}
mkdir -p /home/${username}/.ssh/
chmod 700 /home/${username}/.ssh/
echo "$pubkey" > /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
chown -R ${username} /home/${username}/.ssh/
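#sudo configuration (a drop-in under /etc/sudoers.d, so /etc/sudoers itself is not touched)
echo "${username} ALL=(ALL) ALL" > /etc/sudoers.d/${username}
#echo "${username} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/${username}
chmod 440 /etc/sudoers.d/${username}
visudo -cf /etc/sudoers.d/${username}
#sshd configuration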
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
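#RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.4 and later treat it as deprecated, so this line only matters on older sshd
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file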
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
#sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
#sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" $sshd_file
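#check the syntax first, then restart with whichever service name exists on this system
sshd -t && { systemctl restart sshd || systemctl restart ssh || service sshd restart || service ssh restart; }
If you only need the root user, you can skip the steps that add a user. The one-shot script is as follows:
#pubkey="$(wget -qO- https://<direct-link>)"
pubkey="ssh-xxxxx" #change this to your public key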
mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
echo "$pubkey" > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
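#root login stays enabled here because this variant logs in as root with the key
sed -i "s|#\?PermitRootLogin.*|PermitRootLogin yes|" $sshd_file
#check the syntax first, then restart with whichever service name exists on this system
sshd -t && { systemctl restart sshd || systemctl restart ssh || service sshd restart || service ssh restart; }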
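The sed edits in both scripts change the text of /etc/ssh/sshd_config, but sshd uses the first value it reads for each keyword, so a setting from another source (for example a file pulled in by an Include line, where the distribution ships one) can still win. As an added example, not part of the original scripts, the function below checks the effective values printed by sshd -T before the restart; check_effective and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original article.

# check_effective WANT_ROOT_LOGIN
# Reads `sshd -T` style output (lowercase "keyword value" lines) on stdin and
# compares the effective values with what the scripts above set.
# Prints one line per problem; returns 1 if anything differs or is missing.
check_effective() {
    awk -v want_root="$1" '
        BEGIN {
            want["pubkeyauthentication"]   = "yes"
            want["passwordauthentication"] = "no"
            want["permitrootlogin"]        = want_root
        }
        ($1 in want) && !($1 in seen) {
            seen[$1] = 1
            if ($2 != want[$1]) {
                printf "MISMATCH %s: effective=%s wanted=%s\n", $1, $2, want[$1]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed `sshd -T` excerpts (not captured from a real host).
# sample_overridden: the main file was edited, but a source that sshd reads
# first still enables password login.
sample_overridden='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

sample_ok='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

printf '%s\n' "$sample_overridden" | check_effective no || echo "do not restart sshd yet"

# On the server itself, as root (use "yes" for the root-only variant):
#   sshd -t && sshd -T | check_effective no
```

Keep the current SSH session open and confirm a key login in a second session before closing it.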
CentOS 7 + WARP + wgcf + wireguard-go + wireguard-tools: adding IPv6 access to a VPS (the same applies to Ubuntu and Debian)
This article uses CentOS 7 x64 as the example
- I. Install wireguard-go
GitHub: https://github.com/WireGuard/wireguard-go
Build and install from source
Required packages: yum install -y wget git make
On Debian/Ubuntu: apt install -y wget git make
1. Install Go 1.16
wget https://golang.org/dl/go1.16.1.linux-amd64.tar.gz
tar xvf go1.16.1.linux-amd64.tar.gz -C /usr/local
cat <<'EOF' >> /etc/profile
#golang env config
export GO111MODULE=on
export GOROOT=/usr/local/go
export GOPATH=~/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
EOF
source /etc/profile
2. Fetch the source and build
git clone https://git.zx2c4.com/wireguard-go.git
cd wireguard-go
git checkout 0.0.20201118
make
mv wireguard-go /usr/local/sbin
Install from a prebuilt binary
Required packages: yum install -y wget
On Debian/Ubuntu: apt install -y wget
wget https://github.com/peng4740/wireguard-go-builder/releases/download/0.0.20201118/wireguard-go-linux-amd64.tar.gz
tar zxf wireguard-go-linux-amd64.tar.gz
mv wireguard-go /usr/local/sbin
rm -f wireguard-go-linux-amd64.tar.gz
- II. Install wgcf
This tool generates the WARP configuration
GitHub: https://github.com/ViRb3/wgcf
Install
wget https://github.com/ViRb3/wgcf/releases/download/v2.2.2/wgcf_2.2.2_linux_amd64 -O /usr/local/sbin/wgcf
chmod +x /usr/local/sbin/wgcf
Generate the configuration with wgcf
echo|wgcf register
wgcf generate
sed -i '/0\.0\.0\.0\/0/d' wgcf-profile.conf
#sed -i '/\:\:\/0/d' wgcf-profile.conf # for an IPv6-only VPS that needs IPv4, use this one instead and do not run the previous command
mkdir -p /etc/wireguard
cp -f wgcf-profile.conf /etc/wireguard/wgcf.conf
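wg-quick sends every address family that has a default route in AllowedIPs through the tunnel, which is what makes the SSH session drop if the line for the family you connect over is still present. As an added example (not from the original article), this pre-flight check reads the config before wg-quick up; routed_families, tunnel_spares_ssh and the sample config are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original article.

# routed_families CONF: which default routes the AllowedIPs lines send into
# the tunnel. Prints "ipv4", "ipv6", "both" or "none".
routed_families() {
    awk -F= '
        /^[ \t]*AllowedIPs[ \t]*=/ {
            n = split($2, nets, ",")          # one line may list several networks
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", nets[i])
                if (nets[i] == "0.0.0.0/0") v4 = 1
                if (nets[i] == "::/0")      v6 = 1
            }
        }
        END {
            if (v4 && v6) print "both"
            else if (v4)  print "ipv4"
            else if (v6)  print "ipv6"
            else          print "none"
        }' "$1"
}

# tunnel_spares_ssh CONF FAMILY: succeed only if the family you use to reach
# the VPS over SSH ("ipv4" or "ipv6") is NOT default-routed through the tunnel.
tunnel_spares_ssh() {
    case "$(routed_families "$1")" in
        both|"$2") return 1 ;;
        *)         return 0 ;;
    esac
}

# Constructed sample shaped like a wg-quick config; keys and endpoint are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = <placeholder>
Address = 192.0.2.10/32
Address = 2001:db8::10/128
[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = <placeholder>:0
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/wgcf-profile.conf"
sed '/0\.0\.0\.0\/0/d' "$demo_dir/wgcf-profile.conf" > "$demo_dir/wgcf.conf"
tunnel_spares_ssh "$demo_dir/wgcf.conf" ipv4 && echo "ok: IPv4 SSH stays outside the tunnel"
rm -rf "$demo_dir"
```

On the VPS, run tunnel_spares_ssh /etc/wireguard/wgcf.conf ipv4 (or ipv6 on an IPv6-only machine) and bring the interface up only if it succeeds. A result of "none" from routed_families means the sed removed both routes because they shared one line.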
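- III. Install wireguard-tools
CentOS 7: yum install -y wireguard-tools
If the package cannot be found and the install fails, the EPEL repository may be missing; install it first: yum install epel-release -y
Other systems are much the same
Debian: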
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard
Ubuntu: apt install -y wireguard
- IV. Run and test
1. Start
wg-quick up wgcf
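If you lose contact right after running it (the VPS's SSH terminal stops responding), reboot the VPS first and check the configuration for problems; you can paste it in a comment so 嗷嗷 can take a look.
That said, there is no need to worry too much: if you have not skipped a step, it generally works without trouble.
2. Test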
curl ipv6.ip.sb
If an IP address is displayed, everything is working
- V. Enable start at boot (be sure to run the test above before configuring this)
systemctl enable wg-quick@wgcf