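#!/bin/bash
# Universal SSH Connection Repair Script (v2.0)
# Supported OS: CentOS/RHEL, Ubuntu/Debian, openSUSE
#
# Purpose: bring an unreachable sshd back up by starting the service, opening
# its port in the host firewall, labelling the port for SELinux, rewriting a
# few sshd_config directives and restarting the daemon.
#
# Security-relevant behaviour (review before running on a production host):
#   * The firewall rule opens the SSH port to every source address.
#   * By default the script sets "PermitRootLogin yes" and
#     "PasswordAuthentication yes", links the sshd AppArmor profile into
#     /etc/apparmor.d/disable/ and sets the SELinux boolean sshd_full_access.
#     Together these expose root to password guessing and remove the
#     MAC confinement of sshd.
#   * Set KEEP_HARDENING=1 in the environment to skip those three steps and
#     perform only the service/firewall/port repair.
#
# Must be run as root. Steps are best-effort: a failing step prints a warning
# and the script continues, except where continuing could lock the host out
# (no backup possible, or sshd rejects the edited configuration).

set -u

KEEP_HARDENING="${KEEP_HARDENING:-0}"
CONFIG_FILE="/etc/ssh/sshd_config"
BACKUP_FILE=""

# Print a warning on stderr without stopping the script.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

# Check root privileges
if [ "$(id -u)" != "0" ]; then
  echo "ERROR: This script must be run as root!" >&2
  exit 1
fi

# Detect OS and init system
if [ -f /etc/os-release ]; then
  # shellcheck source=/dev/null
  . /etc/os-release
  OS="${ID:-}"
elif command -v lsb_release >/dev/null 2>&1; then
  OS=$(lsb_release -si | tr '[:upper:]' '[:lower:]')
else
  echo "ERROR: Unsupported Linux distribution" >&2
  exit 1
fi

# Get SSH port from config.
# Only the first uncommented Port line of the main file is used, so several
# Port lines cannot produce a multi-line value. Ports set in files pulled in
# through an Include directive are not seen here.
SSH_PORT=""
if [ -r "$CONFIG_FILE" ]; then
  SSH_PORT=$(awk 'tolower($1) == "port" { print $2; exit }' "$CONFIG_FILE")
fi
# The value is passed to firewall and SELinux commands below, so anything that
# is not a valid TCP port number falls back to the default.
case "$SSH_PORT" in
  '' | *[!0-9]*)
    SSH_PORT=22
    ;;
  *)
    if [ "$SSH_PORT" -lt 1 ] || [ "$SSH_PORT" -gt 65535 ]; then
      SSH_PORT=22
    fi
    ;;
esac

# Backup config (cp -p keeps owner, mode and timestamps of the original).
if [ -f "$CONFIG_FILE" ]; then
  BACKUP_FILE="${CONFIG_FILE}.bak.$(date +%Y%m%d%H%M%S)"
  if ! cp -p -- "$CONFIG_FILE" "$BACKUP_FILE"; then
    echo "ERROR: Could not back up $CONFIG_FILE; refusing to modify it" >&2
    exit 1
  fi
else
  warn "$CONFIG_FILE not found; it will be checked again after package installation"
fi

##############################################
# 1. Check SSH Service Status
##############################################
echo "▶ Checking SSH service status..."
if systemctl is-active sshd >/dev/null 2>&1 || systemctl is-active ssh >/dev/null 2>&1; then
  echo "SSH service is running"
else
  case "$OS" in
    centos | rhel | fedora | opensuse*)
      systemctl start sshd && systemctl enable sshd
      ;;
    ubuntu | debian)
      systemctl start ssh && systemctl enable ssh
      ;;
    *)
      warn "Unrecognised distribution '$OS'; SSH service was not started"
      ;;
  esac
fi

##############################################
# 2. Firewall Configuration
##############################################
# Every branch opens the port to all source addresses. Restricting the rule
# to known management networks is a site decision this script does not make.
echo "▶ Configuring firewall..."
if command -v ufw >/dev/null 2>&1; then
  ufw allow "${SSH_PORT}/tcp" && ufw reload
elif command -v firewall-cmd >/dev/null 2>&1; then
  firewall-cmd --permanent --add-port="${SSH_PORT}/tcp"
  firewall-cmd --reload
elif command -v iptables >/dev/null 2>&1; then
  # -C checks for an identical rule first, so re-running the script does not
  # stack duplicates. The rule is appended (-A): if an earlier INPUT rule
  # already rejects or drops the traffic, this rule has no effect.
  if ! iptables -C INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT 2>/dev/null; then
    iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  fi
  service iptables save && service iptables restart
else
  echo "No active firewall detected"
fi

##############################################
# 3. SELinux/AppArmor Configuration
##############################################
echo "▶ Configuring security modules..."

# SELinux for RHEL-based
if command -v sestatus >/dev/null 2>&1; then
  if sestatus | grep -q 'enabled'; then
    if [ "$KEEP_HARDENING" != "1" ]; then
      # NOTE(review): confirm that sshd_full_access is a boolean in the loaded
      # policy (getsebool -a); setsebool fails on names the policy lacks.
      setsebool -P sshd_full_access=1 ||
        warn "setsebool sshd_full_access failed"
    fi

    # Install the semanage tool only when it is actually missing.
    if ! command -v semanage >/dev/null 2>&1; then
      yum install -y policycoreutils-python-utils >/dev/null 2>&1 ||
        apt-get install -y policycoreutils >/dev/null 2>&1
    fi

    if command -v semanage >/dev/null 2>&1; then
      # Look only at the ssh_port_t/tcp row; matching the number anywhere in
      # the listing would also hit the same port under an unrelated type.
      if ! semanage port -l |
        grep -E '^ssh_port_t[[:space:]]+tcp' |
        grep -qw -- "$SSH_PORT"; then
        semanage port -a -t ssh_port_t -p tcp "$SSH_PORT" ||
          warn "Could not label port $SSH_PORT as ssh_port_t (if it is already assigned to another type, semanage port -m is needed)"
      fi
    else
      warn "semanage is not available; SELinux port label for $SSH_PORT not checked"
    fi
  fi
fi

# AppArmor for Debian-based
if command -v aa-status >/dev/null 2>&1; then
  if aa-status | grep -q 'apparmor module is loaded'; then
    # Linking the profile into disable/ stops AppArmor from confining sshd.
    # Skipped with KEEP_HARDENING=1, and when there is no sshd profile to
    # link (which would only leave a dangling symlink behind).
    if [ "$KEEP_HARDENING" != "1" ] && [ -e /etc/apparmor.d/usr.sbin.sshd ]; then
      ln -s /etc/apparmor.d/usr.sbin.sshd /etc/apparmor.d/disable/ >/dev/null 2>&1
      systemctl reload apparmor
    fi
  fi
fi

##############################################
# 4. Core Configuration Adjustments
##############################################
# The substitutions only rewrite lines that already exist (commented or not)
# in the main file; a directive that is absent stays absent, and a value set
# in an included drop-in file is not touched.
echo "▶ Modifying SSH configuration..."
if [ -f "$CONFIG_FILE" ]; then
  if [ "$KEEP_HARDENING" != "1" ]; then
    # Enables direct root login with a password.
    sed -i -E "s/^#?PermitRootLogin.*/PermitRootLogin yes/" "$CONFIG_FILE"
    sed -i -E "s/^#?PasswordAuthentication.*/PasswordAuthentication yes/" "$CONFIG_FILE"
  fi
  sed -i -E "s/^#?UseDNS.*/UseDNS no/" "$CONFIG_FILE"
  sed -i -E "s/^#?GSSAPIAuthentication.*/GSSAPIAuthentication no/" "$CONFIG_FILE"
else
  warn "$CONFIG_FILE not found; configuration left unchanged"
fi

##############################################
# 5. Package Installation
##############################################
echo "▶ Checking required packages..."
case "$OS" in
  ubuntu | debian)
    # Query the package state directly: a removed package whose config files
    # remain still shows up in "dpkg -l" output.
    # shellcheck disable=SC2016  # ${Status} is a dpkg-query format field
    if ! dpkg-query -W -f='${Status}' openssh-server 2>/dev/null |
      grep -q 'install ok installed'; then
      apt-get update && apt-get install -y openssh-server
    fi
    ;;
  centos | rhel | fedora)
    if ! rpm -q openssh-server >/dev/null 2>&1; then
      yum install -y openssh-server
    fi
    ;;
esac

##############################################
# 6. Service Restart & Validation
##############################################
echo "▶ Finalizing configuration..."

# Validate the edited file before restarting: restarting sshd on a
# configuration it cannot parse would cut off the only remote access path.
sshd_bin=$(command -v sshd 2>/dev/null) || sshd_bin=""
if [ -n "$sshd_bin" ] && [ -f "$CONFIG_FILE" ]; then
  if ! "$sshd_bin" -t -f "$CONFIG_FILE"; then
    echo "ERROR: sshd rejected $CONFIG_FILE; service not restarted" >&2
    if [ -n "$BACKUP_FILE" ] && cp -p -- "$BACKUP_FILE" "$CONFIG_FILE"; then
      echo "Restored $CONFIG_FILE from $BACKUP_FILE" >&2
    fi
    exit 1
  fi
fi

restart_status=0
case "$OS" in
  ubuntu | debian)
    systemctl restart ssh || restart_status=1
    ;;
  *)
    systemctl restart sshd || restart_status=1
    ;;
esac

if [ "$restart_status" -eq 0 ]; then
  echo "✔ Repair completed successfully"
else
  echo "ERROR: SSH service failed to restart" >&2
fi

# Report the state of whichever unit name exists on this system.
svc_state=$(systemctl is-active sshd 2>/dev/null) ||
  svc_state=$(systemctl is-active ssh 2>/dev/null) ||
  true

echo "──────────────────────────────────────"
echo "Verification:"
echo "- Service Status: ${svc_state}"
# Anchor on the trailing whitespace so port 22 does not also match :2222.
echo "- Listening Port: $(ss -tnlp | grep -E ":${SSH_PORT}[[:space:]]")"
echo "──────────────────────────────────────"
echo "Test connection with: ssh -p $SSH_PORT user@host"
echo "Keep the current session open until a new connection succeeds."

exit "$restart_status"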
将代码保存为 fix_ssh.sh(注意:下面的命令使用的文件名是 ssh_repair.sh,请确保保存的文件名与命令中的文件名一致)
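# Make the script executable, then run it. Run both commands as root: the
# script exits immediately otherwise. The file name must match the name the
# script was saved under.
chmod +x ssh_repair.sh
./ssh_repair.sh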