#!/bin/bash
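# ==========================================
# Parameters
# ==========================================
# Each value can be supplied through the environment; the fallbacks are the
# sample values from the original script. The quotes are plain ASCII quotes:
# typographic quotes are not shell syntax and would become part of the value.
# NOTE(security): the fallback passwords are static and published with this
# script, and later sections enable password logins over SSH, so override
# them with unique secrets before running this on a reachable host.
ROOT_PASS="${ROOT_PASS:-Password123@}"
NEW_USER="${NEW_USER:-system-user}"
NEW_USER_PASS="${NEW_USER_PASS:-Pass123@}"
if [[ "$ROOT_PASS" == 'Password123@' || "$NEW_USER_PASS" == 'Pass123@' ]]; then
  printf 'warning: built-in sample password in use; set ROOT_PASS and NEW_USER_PASS\n' >&2
fi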
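# ==========================================
# 1. Base environment preparation (Debian)
# ==========================================
# A failed index refresh is reported but not fatal, because the packages may
# still be installable from the cached index.
apt-get update || printf 'warning: apt-get update failed\n' >&2
# The later sections call sudo-related tooling and openssl, so stop here if
# the install fails instead of continuing with a half-prepared system.
if ! apt-get install -y sudo openssl; then
  printf 'error: could not install sudo and openssl\n' >&2
  exit 1
fi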
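# ==========================================
# 2. Root account configuration
# ==========================================
# Set the root password and unlock the root account (Debian may ship with
# root locked). chpasswd writes a new hash into the password field using the
# system's configured hashing scheme, which also replaces a locked field.
# The original followed this with `usermod -p $(... openssl passwd -1 ...)`,
# which overwrote that hash with MD5-crypt and placed the hash on the
# usermod command line; that step is dropped because chpasswd already does
# the job with the stronger system default.
# printf is used so a password starting with "-" is not taken as an option.
if ! printf '%s:%s\n' root "$ROOT_PASS" | chpasswd; then
  printf 'error: could not set the root password\n' >&2
  exit 1
fi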
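# ==========================================
# 3. Create system-user and grant root privileges
# ==========================================
# Create the user only if it does not exist yet.
if ! id "$NEW_USER" &>/dev/null; then
  if ! useradd -m -s /bin/bash "$NEW_USER"; then
    printf 'error: could not create user %s\n' "$NEW_USER" >&2
    exit 1
  fi
fi
# Set the user's password; chpasswd reads "name:password" from stdin, so the
# secret does not appear in another process's argument list.
if ! printf '%s:%s\n' "$NEW_USER" "$NEW_USER_PASS" | chpasswd; then
  printf 'error: could not set the password for %s\n' "$NEW_USER" >&2
  exit 1
fi
# Add the user to the sudo group.
if ! usermod -aG sudo "$NEW_USER"; then
  printf 'error: could not add %s to the sudo group\n' "$NEW_USER" >&2
  exit 1
fi
# Passwordless sudo (optional: uncomment the line below if this user should
# not be asked for a password when running sudo).
# NOTE(security): with NOPASSWD any process running as this user can become
# root without re-authenticating. If you enable it, check the result with
# `visudo -c` before logging out, since a malformed sudoers file breaks sudo.
# echo "$NEW_USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/90-cloud-init-users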
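# ==========================================
# 4. Core SSH configuration (resolves Debian/Ubuntu conflicts)
# ==========================================
# NOTE(security): these edits allow password authentication, including for
# root, over SSH. Combined with static passwords this exposes the host to
# password guessing; key-based logins with `PermitRootLogin prohibit-password`
# are the safer setup where root access over SSH is needed at all.
# The sed expressions use plain ASCII single quotes: with typographic quotes
# the shell would not treat them as quoting and the patterns would not apply.
# Force the three settings in the main configuration file (commented-out or
# active lines are both rewritten).
sed -i \
  -e 's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' \
  -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' \
  -e 's/^#\?KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/g' \
  /etc/ssh/sshd_config
# Handle the drop-in file priority issue common on Debian 11/12.
if [ -d /etc/ssh/sshd_config.d ]; then
  # Rewrite the same settings in each drop-in so they do not override the
  # main file. Looping with an existence check replaces the original
  # `2>/dev/null`, which hid real sed errors along with the harmless
  # "no files match" case.
  for conf in /etc/ssh/sshd_config.d/*.conf; do
    [ -e "$conf" ] || continue
    sed -i \
      -e 's/PasswordAuthentication no/PasswordAuthentication yes/g' \
      -e 's/PermitRootLogin no/PermitRootLogin yes/g' \
      "$conf"
  done
fi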
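# ==========================================
# 5. Restart the SSH service
# ==========================================
# Validate the edited configuration first: restarting with a broken
# sshd_config can leave the host without SSH access. The binary is resolved
# to a full path; if it cannot be found the check is skipped.
sshd_bin=$(command -v sshd || true)
if [[ -n "$sshd_bin" ]] && ! "$sshd_bin" -t; then
  printf 'error: sshd configuration test failed; SSH was not restarted\n' >&2
  exit 1
fi
# The unit is named "ssh" on Debian/Ubuntu; "sshd" is tried as a fallback.
systemctl restart ssh || systemctl restart sshd
echo "Config Complete: Root and $NEW_USER are ready."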