上传文件至 /
		
							parent
							
								
									78969e55d9
								
							
						
					
					
						commit
						43d4620665
					
				@ -18,10 +18,8 @@ TUNNEL_ID=""
 | 
				
			|||||||
CREDENTIAL_FILE=""
 | 
					CREDENTIAL_FILE=""
 | 
				
			||||||
HOSTNAME=""
 | 
					HOSTNAME=""
 | 
				
			||||||
SSO_USERNAME=""
 | 
					SSO_USERNAME=""
 | 
				
			||||||
ACCOUNT_ID=""
 | 
					CA_PUB_KEY=""
 | 
				
			||||||
API_TOKEN=""
 | 
					 | 
				
			||||||
TUNNEL_TOKEN=""
 | 
					TUNNEL_TOKEN=""
 | 
				
			||||||
CA_PUB_FILE=""
 | 
					 | 
				
			||||||
INSTALL_METHOD="config" # 默认使用配置文件方式
 | 
					INSTALL_METHOD="config" # 默认使用配置文件方式
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# 检查是否为root用户
 | 
					# 检查是否为root用户
 | 
				
			||||||
@ -46,7 +44,7 @@ print_usage() {
 | 
				
			|||||||
    echo -e "  3. 对于config方式: Tunnel ID 和凭证文件路径"
 | 
					    echo -e "  3. 对于config方式: Tunnel ID 和凭证文件路径"
 | 
				
			||||||
    echo -e "  4. 访问SSH的域名 (例如: terminal.mydomain.com)"
 | 
					    echo -e "  4. 访问SSH的域名 (例如: terminal.mydomain.com)"
 | 
				
			||||||
    echo -e "  5. 与SSO登录匹配的本地用户名"
 | 
					    echo -e "  5. 与SSO登录匹配的本地用户名"
 | 
				
			||||||
    echo -e "  6. Cloudflare SSH证书文件路径"
 | 
					    echo -e "  6. Cloudflare SSH证书公钥(从Zero Trust控制台获取)"
 | 
				
			||||||
    echo
 | 
					    echo
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@ -133,22 +131,26 @@ read_input() {
 | 
				
			|||||||
        exit 1
 | 
					        exit 1
 | 
				
			||||||
    fi
 | 
					    fi
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    # 获取SSH CA证书文件
 | 
					    # 获取SSH CA公钥
 | 
				
			||||||
    echo -e "${YELLOW}请输入Cloudflare SSH证书文件的路径:${NC}"
 | 
					    echo -e "${YELLOW}请输入Cloudflare SSH证书公钥:${NC}"
 | 
				
			||||||
    echo -e "这是从Cloudflare Zero Trust控制台获取的SSH CA公钥文件"
 | 
					    echo -e "在Zero Trust控制台 > Access > Service Auth > SSH 中找到并复制"
 | 
				
			||||||
    echo -e "在Zero Trust控制台 > Access > Service Auth > SSH 中找到并下载"
 | 
					    echo -e "格式如: ecdsa-sha2-nistp256 AAAA... open-ssh-ca@cloudflareaccess.org"
 | 
				
			||||||
    read -p "> " CA_PUB_FILE
 | 
					    read -p "> " CA_PUB_KEY
 | 
				
			||||||
    if [ -z "$CA_PUB_FILE" ]; then
 | 
					    if [ -z "$CA_PUB_KEY" ]; then
 | 
				
			||||||
        echo -e "${RED}错误: 证书文件路径不能为空${NC}"
 | 
					        echo -e "${RED}错误: 证书公钥不能为空${NC}"
 | 
				
			||||||
        exit 1
 | 
					        exit 1
 | 
				
			||||||
    fi
 | 
					    fi
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    # 检查证书文件是否存在
 | 
					    # 验证公钥格式
 | 
				
			||||||
    if [ ! -f "$CA_PUB_FILE" ]; then
 | 
					    if [[ ! "$CA_PUB_KEY" =~ ^ecdsa-sha2-nistp256[[:space:]] ]]; then
 | 
				
			||||||
        echo -e "${RED}错误: 证书文件 $CA_PUB_FILE 不存在!${NC}"
 | 
					        echo -e "${YELLOW}警告: 公钥格式似乎不正确,应以'ecdsa-sha2-nistp256'开头${NC}"
 | 
				
			||||||
        echo -e "${RED}请确保文件路径正确。${NC}"
 | 
					        echo -e "${YELLOW}确定要继续吗? [y/N]${NC}"
 | 
				
			||||||
 | 
					        read -p "> " confirm_key
 | 
				
			||||||
 | 
					        if [[ ! "$confirm_key" =~ ^[Yy]$ ]]; then
 | 
				
			||||||
 | 
					            echo -e "${RED}操作已取消${NC}"
 | 
				
			||||||
            exit 1
 | 
					            exit 1
 | 
				
			||||||
        fi
 | 
					        fi
 | 
				
			||||||
 | 
					    fi
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    # 显示摘要并确认
 | 
					    # 显示摘要并确认
 | 
				
			||||||
    echo -e "${GREEN}=====================================================${NC}"
 | 
					    echo -e "${GREEN}=====================================================${NC}"
 | 
				
			||||||
@ -165,7 +167,7 @@ read_input() {
 | 
				
			|||||||
    
 | 
					    
 | 
				
			||||||
    echo -e "域名: $HOSTNAME"
 | 
					    echo -e "域名: $HOSTNAME"
 | 
				
			||||||
    echo -e "用户名: $SSO_USERNAME"
 | 
					    echo -e "用户名: $SSO_USERNAME"
 | 
				
			||||||
    echo -e "SSH证书文件: $CA_PUB_FILE"
 | 
					    echo -e "SSH证书公钥: ${CA_PUB_KEY:0:30}..."
 | 
				
			||||||
    echo -e "${GREEN}=====================================================${NC}"
 | 
					    echo -e "${GREEN}=====================================================${NC}"
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    echo -e "${YELLOW}是否确认继续? [y/N]${NC}"
 | 
					    echo -e "${YELLOW}是否确认继续? [y/N]${NC}"
 | 
				
			||||||
@ -304,11 +306,11 @@ setup_short_lived_cert() {
 | 
				
			|||||||
    
 | 
					    
 | 
				
			||||||
    echo -e "${YELLOW}正在配置SSH使用Cloudflare短期证书...${NC}"
 | 
					    echo -e "${YELLOW}正在配置SSH使用Cloudflare短期证书...${NC}"
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    # 复制证书文件到SSH配置目录
 | 
					    # 将公钥保存到SSH配置目录
 | 
				
			||||||
    cp "$CA_PUB_FILE" /etc/ssh/cloudflare-ca.pub
 | 
					    echo "$CA_PUB_KEY" > /etc/ssh/cloudflare-ca.pub
 | 
				
			||||||
    chmod 644 /etc/ssh/cloudflare-ca.pub
 | 
					    chmod 644 /etc/ssh/cloudflare-ca.pub
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    echo -e "${GREEN}证书已复制至 /etc/ssh/cloudflare-ca.pub${NC}"
 | 
					    echo -e "${GREEN}证书公钥已保存至 /etc/ssh/cloudflare-ca.pub${NC}"
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
    # 更新SSH配置
 | 
					    # 更新SSH配置
 | 
				
			||||||
    grep -q "^PubkeyAuthentication yes" /etc/ssh/sshd_config || echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
 | 
					    grep -q "^PubkeyAuthentication yes" /etc/ssh/sshd_config || echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
 | 
				
			||||||
 | 
				
			|||||||
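Review bot: In setup_short_lived_cert, `echo "$CA_PUB_KEY" > /etc/ssh/cloudflare-ca.pub` installs the pasted text without ever parsing it as a key; the only check, in read_input, matches the `ecdsa-sha2-nistp256` prefix and can be overridden with `y`. The file name suggests it serves as the SSH CA trust anchor (the sshd_config line that would reference it is outside the hunk), so a truncated or wrong paste should fail here rather than at login time. Parse the value with `ssh-keygen -l -f` on a temporary file before installing it, and write it with `printf '%s\n'` rather than `echo`. The summary line `${CA_PUB_KEY:0:30}...` shows only characters that are identical for every key of this type, so printing the ssh-keygen fingerprint there would give the operator something to compare against the console. Both functions start and end outside the visible hunks.

```shell
    # ... unchanged: progress message ...
    # Validate the pasted CA key before it reaches /etc/ssh.
    local ca_tmp
    ca_tmp=$(mktemp) || exit 1
    printf '%s\n' "$CA_PUB_KEY" > "$ca_tmp"
    if ! ssh-keygen -l -f "$ca_tmp" >/dev/null 2>&1; then
        echo -e "${RED}错误: 无法解析提供的SSH CA公钥${NC}"
        rm -f -- "$ca_tmp"
        exit 1
    fi
    # install sets the mode in the same step, replacing the echo and chmod lines
    install -m 644 "$ca_tmp" /etc/ssh/cloudflare-ca.pub
    rm -f -- "$ca_tmp"
    # ... unchanged: success message and sshd_config update ...
```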