core: 支持修改 ssh rdp web 端口
This commit is contained in:
parent
b3fef989b0
commit
91a969ae75
20
README.en.md
20
README.en.md
@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
||||
- On virtual machines, the appropriate official slimmed-down kernel will be automatically installed.
|
||||
- To install Red Hat, you need to provide the `qcow2` image link obtained from <https://access.redhat.com/downloads/content/rhel>.
|
||||
- Username `root`, password `123@@@`. It may take a few minutes for the password to take effect on the first boot.
|
||||
- When switching to key-based authentication, you also need to modify the files inside `/etc/ssh/sshd_config.d/`
|
||||
- After reinstalling, if you need to change SSH port or switch to key-based login, be sure to modify the files inside `/etc/ssh/sshd_config.d/`.
|
||||
- Optional parameters:
|
||||
- `--ssh-port PORT` to change the SSH port
|
||||
- `--hold 2` to prevent entering the system after installation. You can connect via SSH to modify system content, with the system mounted at `/os` (this feature is not supported on Debian/Kali).
|
||||
|
||||
```bash
|
||||
bash reinstall.sh centos 9
|
||||
@ -158,6 +161,8 @@ bash reinstall.sh centos 9
|
||||
|
||||
<summary>Experimental Features</summary>
|
||||
|
||||
The following features are experimental and may not support modifying the SSH port or other options.
|
||||
|
||||
Install Debian using a cloud image, suitable for machines with slower CPUs
|
||||
|
||||
```bash
|
||||
@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
|
||||
- Supports `raw`, `vhd` images or those compressed with `xz` or `gzip`.
|
||||
- When deploy a Windows image, the system disk will be expanded, and machines with static IPs will have their IPs configured. However, it may take a few minutes after the first boot for the configuration to take effect.
|
||||
- When deploy a Linux image, the script will not modify any contents of the image.
|
||||
- Optional parameters:
|
||||
- `--rdp-port PORT` to change the RDP port (Windows only).
|
||||
- `--allow-ping` to allow ping responses (Windows only).
|
||||
- `--hold 2` to prevent entering the system after DD completion. You can connect via SSH to modify system content, with the system mounted at `/os`.
|
||||
|
||||
```bash
|
||||
bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||
@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
|
||||
- Username `administrator`, password `123@@@`
|
||||
- If remote login fails, try using the username `.\administrator`.
|
||||
- The machine with a static IP will automatically configure the IP. It may take a few minutes to take effect on the first boot.
|
||||
- Optional parameters:
|
||||
- `--rdp-port PORT` to change the RDP port
|
||||
- `--allow-ping` to allow ping responses
|
||||
- `--hold 2` to allow SSH connections for modifying the hard disk content before rebooting into the official Windows installation program, with the hard disk mounted at `/os`.
|
||||
|
||||
![Installing Windows](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||
![Windows Installation](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||
|
||||
#### Method 1: Allow the script to automatically find the ISO
|
||||
|
||||
@ -365,9 +378,10 @@ Most ARM machines support ISO installation of Windows 11 24H2, but some machines
|
||||
- ✔️Azure: B2pts_v2
|
||||
- ✔️Alibaba Cloud: g8y, c8y, r8y (may occasionally get stuck on the boot logo during restart; force restart to resolve)
|
||||
- ✔️Alibaba Cloud: g6r, c6r
|
||||
- ✔️Oracle Cloud: A1.Flex (manual loading of the graphics driver is required after installation)
|
||||
- ✔️Oracle Cloud A1.Flex (Success depends on the machine's creation date; newer instances are more likely to install successfully. You will also need to manually load the GPU drivers after installation.)
|
||||
- ✔️AWS: T4g
|
||||
- ✔️Scaleway: COPARM1
|
||||
- ✔️Gcore
|
||||
- ❌Google Cloud: t2a (lacking network card driver)
|
||||
|
||||
<details>
|
||||
|
20
README.md
20
README.md
@ -126,7 +126,10 @@ certutil -urlcache -f -split https://jihulab.com/bin456789/reinstall/-/raw/main/
|
||||
- 在虚拟机上,会自动安装合适的官方精简内核
|
||||
- 安装 Red Hat 需填写 <https://access.redhat.com/downloads/content/rhel> 得到的 `qcow2` 镜像链接
|
||||
- 用户名 `root` 密码 `123@@@`,可能首次开机几分钟后密码才生效
|
||||
- 改为密钥登录时,还要修改 `/etc/ssh/sshd_config.d/` 里面的文件
|
||||
- 重装后如需修改 SSH 端口 / 改成密钥登录,还要注意修改 `/etc/ssh/sshd_config.d/` 里面的文件
|
||||
- 可选参数
|
||||
- `--ssh-port PORT` 修改 SSH 端口
|
||||
- `--hold 2` 安装结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os` (此功能不支持 Debian / Kali)
|
||||
|
||||
```bash
|
||||
bash reinstall.sh centos 9
|
||||
@ -158,6 +161,8 @@ bash reinstall.sh centos 9
|
||||
|
||||
<summary>实验性功能</summary>
|
||||
|
||||
以下功能为实验性质,可能不支持修改 ssh 端口等其它选项
|
||||
|
||||
用云镜像安装 Debian,适合于 CPU 较慢的机器
|
||||
|
||||
```bash
|
||||
@ -183,6 +188,10 @@ bash reinstall.sh ubuntu --installer
|
||||
- 支持 `raw` `vhd` 或者经过 `xz` `gzip` 压缩的镜像
|
||||
- DD Windows 镜像时,会扩展系统盘,静态 IP 的机器会配置好 IP,可能首次开机几分钟后才生效
|
||||
- DD Linux 镜像时,脚本不会修改镜像的任何内容
|
||||
- 可选参数
|
||||
- `--rdp-port PORT` 修改 RDP 端口 (仅限 Windows)
|
||||
- `--allow-ping` 允许被 Ping (仅限 Windows)
|
||||
- `--hold 2` DD 结束后不进入系统。可连接 SSH 修改系统内容,系统挂载在 `/os`
|
||||
|
||||
```bash
|
||||
bash reinstall.sh dd --img https://example.com/xxx.xz
|
||||
@ -218,8 +227,12 @@ bash reinstall.sh netboot.xyz
|
||||
- 用户名 `administrator` 密码 `123@@@`
|
||||
- 如果远程登录失败,尝试使用用户名 `.\administrator`
|
||||
- 静态机器会自动配置好 IP,可能首次开机几分钟后才生效
|
||||
- 可选参数
|
||||
- `--rdp-port PORT` 更改 RDP 端口
|
||||
- `--allow-ping` 允许被 Ping
|
||||
- `--hold 2` 在重启进入 Windows 官方安装程序前,可连接 SSH 修改硬盘内容,硬盘挂载在 `/os`
|
||||
|
||||
![Windows 安装中](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||
![Windows 安装界面](https://github.com/bin456789/reinstall/assets/7548515/07c1aea2-1ce3-4967-904f-aaf9d6eec3f7)
|
||||
|
||||
#### 方法 1: 让脚本自动查找 ISO
|
||||
|
||||
@ -365,9 +378,10 @@ Windows Server 2025 SERVERDATACENTER
|
||||
- ✔️Azure B2pts_v2
|
||||
- ✔️阿里云 g8y c8y r8y (有几率重启时卡开机 Logo,强制重启即可)
|
||||
- ✔️阿里云 g6r c6r
|
||||
- ✔️甲骨文云 A1.Flex (安装后需要手动加载显卡驱动)
|
||||
- ✔️甲骨文云 A1.Flex (视乎机器的创建日期,越新的越有可能成功安装,安装后还需要手动加载显卡驱动)
|
||||
- ✔️AWS T4g
|
||||
- ✔️Scaleway COPARM1
|
||||
- ✔️Gcore
|
||||
- ❌谷歌云 t2a (缺少网卡驱动)
|
||||
|
||||
<details>
|
||||
|
@ -21,10 +21,14 @@ runcmd:
|
||||
# 下面这行删除 clout-init 创建的 sshd_config
|
||||
- test $(wc -l </etc/ssh/sshd_config) -le 1 && cat /etc/ssh/sshd_config >>/etc/ssh/sshd_config.d/50-cloud-init.conf && rm -f /etc/ssh/sshd_config
|
||||
- echo "PermitRootLogin yes" >/etc/ssh/sshd_config.d/01-permitrootlogin.conf || sed -Ei 's/^#?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
|
||||
- echo "Port @SSH_PORT@" >/etc/ssh/sshd_config.d/01-change-ssh-port.conf || sed -Ei 's/^#?Port .*/Port @SSH_PORT@/' /etc/ssh/sshd_config
|
||||
# 已创建的 ssh 连接会沿用旧的配置(未开启密码登录),这时即使输入正确的密码,也会提示 Access Denied
|
||||
# systemctl restart sshd 只会重启监听进程,不会关闭已创建的连接(子进程)
|
||||
- pkill sshd || true
|
||||
- systemctl restart sshd || systemctl restart ssh
|
||||
# daemon-reload 会刷新 /run/systemd/generator/ssh.socket.d/addresses.conf
|
||||
- systemctl daemon-reload
|
||||
- for s in ssh.socket ssh.service sshd.socket sshd.service; do systemctl is-enabled $s && systemctl restart $s && break; done
|
||||
- sed -i -e '/^[[:space:]]*password:/d' -e '/[[:space:]]*root:/d' /etc/cloud/cloud.cfg.d/99_fallback.cfg
|
||||
- touch /etc/cloud/cloud-init.disabled
|
||||
# ubuntu 镜像运行 echo -e '\nDone' ,-e 会被显示出来
|
||||
- printf '\n%s\n' 'reinstall done' >/dev/tty0 || true
|
||||
|
10
debian.cfg
10
debian.cfg
@ -162,8 +162,16 @@ d-i partman/early_command string true; \
|
||||
# if [ "$link_grub_dir" = 1 ]; then mkdir /target/boot/grub2; echo 'chainloader (hd0)+1' >/target/boot/grub2/grub.cfg; fi; \
|
||||
d-i preseed/late_command string true; \
|
||||
eval "$(grep -o 'extra_link_grub_dir=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
|
||||
eval "$(grep -o 'extra_ssh_port=[^ ]*' /proc/cmdline | sed 's/^extra_//')"; \
|
||||
|
||||
if [ "$link_grub_dir" = 1 ]; then ln -s grub /target/boot/grub2; fi; \
|
||||
|
||||
in-target systemctl enable ssh; \
|
||||
|
||||
echo "PermitRootLogin yes" >/target/etc/ssh/sshd_config.d/01-permitrootlogin.conf || \
|
||||
echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config
|
||||
echo "PermitRootLogin yes" >>/target/etc/ssh/sshd_config; \
|
||||
|
||||
if [ -n "$ssh_port" ] && ! [ "$ssh_port" = 22 ]; then \
|
||||
echo "Port $ssh_port" >/target/etc/ssh/sshd_config.d/01-change-ssh-port.conf || \
|
||||
echo "Port $ssh_port" >>/target/etc/ssh/sshd_config; \
|
||||
fi
|
||||
|
@ -1,6 +1,6 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen @WEB_PORT@;
|
||||
listen [::]:@WEB_PORT@;
|
||||
root /;
|
||||
|
||||
gzip on;
|
||||
|
86
reinstall.sh
86
reinstall.sh
@ -59,6 +59,11 @@ Usage: $reinstall____ centos 9
|
||||
windows --image-name='windows xxx yyy' --iso='http://xxx.com/xxx.iso'
|
||||
netboot.xyz
|
||||
|
||||
Options: [--ssh-port PORT]
|
||||
[--rdp-port PORT]
|
||||
[--web-port PORT]
|
||||
[--allow-ping]
|
||||
|
||||
Manual: https://github.com/bin456789/reinstall
|
||||
|
||||
EOF
|
||||
@ -194,6 +199,14 @@ is_use_firmware() {
|
||||
[ "$nextos_distro" = debian ] && ! is_virt
|
||||
}
|
||||
|
||||
is_digit() {
|
||||
[[ "$1" =~ ^[0-9]+$ ]]
|
||||
}
|
||||
|
||||
is_port_valid() {
|
||||
is_digit "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
|
||||
}
|
||||
|
||||
get_host_by_url() {
|
||||
cut -d/ -f3 <<<$1
|
||||
}
|
||||
@ -2315,6 +2328,11 @@ find_grub_extlinux_cfg() {
|
||||
fi
|
||||
}
|
||||
|
||||
# 空格、&、用户输入的网址要加引号,否则 grub 无法正确识别
|
||||
is_need_quote() {
|
||||
[[ "$1" = *' '* ]] || [[ "$1" = *'&'* ]] || [[ "$1" = http* ]]
|
||||
}
|
||||
|
||||
# 转换 finalos_a=1 为 finalos.a=1 ,排除 finalos_mirrorlist
|
||||
build_finalos_cmdline() {
|
||||
if vars=$(compgen -v finalos_); then
|
||||
@ -2322,7 +2340,9 @@ build_finalos_cmdline() {
|
||||
value=${!key}
|
||||
key=${key#finalos_}
|
||||
if [ -n "$value" ] && [ $key != "mirrorlist" ]; then
|
||||
finalos_cmdline+=" finalos_$key='$value'"
|
||||
is_need_quote "$value" &&
|
||||
finalos_cmdline+=" finalos_$key='$value'" ||
|
||||
finalos_cmdline+=" finalos_$key=$value"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@ -2334,10 +2354,13 @@ build_extra_cmdline() {
|
||||
# 会将 extra.xxx=yyy 写入新系统的 /etc/modprobe.d/local.conf
|
||||
# https://answers.launchpad.net/ubuntu/+question/249456
|
||||
# https://salsa.debian.org/installer-team/rootskel/-/blob/master/src/lib/debian-installer-startup.d/S02module-params?ref_type=heads
|
||||
for key in confhome hold force cloud_image main_disk; do
|
||||
for key in confhome hold force force_old_windows_setup cloud_image main_disk \
|
||||
ssh_port rdp_port web_port allow_ping password; do
|
||||
value=${!key}
|
||||
if [ -n "$value" ]; then
|
||||
extra_cmdline+=" extra_$key='$value'"
|
||||
is_need_quote "$value" &&
|
||||
extra_cmdline+=" extra_$key='$value'" ||
|
||||
extra_cmdline+=" extra_$key=$value"
|
||||
fi
|
||||
done
|
||||
|
||||
@ -3042,8 +3065,28 @@ else
|
||||
fi
|
||||
fi
|
||||
|
||||
long_opts=
|
||||
for o in ci installer debug minimal allow-ping \
|
||||
hold: \
|
||||
sleep: \
|
||||
iso: \
|
||||
image-name: \
|
||||
boot-wim: \
|
||||
img: \
|
||||
lang: \
|
||||
ssh-port: \
|
||||
rdp-port: \
|
||||
web-port: \
|
||||
allow-ping: \
|
||||
commit: \
|
||||
force: \
|
||||
force-old-windows-setup:; do
|
||||
[ -n "$long_opts" ] && long_opts+=,
|
||||
long_opts+=$o
|
||||
done
|
||||
|
||||
# 整理参数
|
||||
if ! opts=$(getopt -n $0 -o "" --long ci,installer,debug,minimal,hold:,sleep:,iso:,image-name:,img:,lang:,commit:,force: -- "$@"); then
|
||||
if ! opts=$(getopt -n $0 -o "" --long "$long_opts" -- "$@"); then
|
||||
usage_and_exit
|
||||
fi
|
||||
|
||||
@ -3073,18 +3116,41 @@ while true; do
|
||||
minimal=1
|
||||
shift
|
||||
;;
|
||||
--allow-ping)
|
||||
allow_ping=1
|
||||
shift
|
||||
;;
|
||||
--hold | --sleep)
|
||||
hold=$2
|
||||
if ! { [ "$hold" = 1 ] || [ "$hold" = 2 ]; }; then
|
||||
error_and_exit "Invalid --hold value: $hold."
|
||||
if ! { [ "$2" = 1 ] || [ "$2" = 2 ]; }; then
|
||||
error_and_exit "Invalid $1 value: $2"
|
||||
fi
|
||||
hold=$2
|
||||
shift 2
|
||||
;;
|
||||
--force)
|
||||
force=$2
|
||||
if ! { [ "$force" = bios ] || [ "$force" = efi ]; }; then
|
||||
error_and_exit "Invalid --force value: $force."
|
||||
if ! { [ "$2" = bios ] || [ "$2" = efi ]; }; then
|
||||
error_and_exit "Invalid $1 value: $2"
|
||||
fi
|
||||
force=$2
|
||||
shift 2
|
||||
;;
|
||||
--ssh-port)
|
||||
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
||||
ssh_port=$2
|
||||
shift 2
|
||||
;;
|
||||
--rdp-port)
|
||||
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
||||
rdp_port=$2
|
||||
shift 2
|
||||
;;
|
||||
--web-port)
|
||||
is_port_valid $2 || error_and_exit "Invalid $1 value: $2"
|
||||
web_port=$2
|
||||
shift 2
|
||||
;;
|
||||
--force-old-windows-setup)
|
||||
force_old_windows_setup=$2
|
||||
shift 2
|
||||
;;
|
||||
--img)
|
||||
|
136
trans.sh
136
trans.sh
@ -75,7 +75,8 @@ wget() {
|
||||
echo "$@" | grep -o 'http[^ ]*' >&2
|
||||
if command wget 2>&1 | grep -q BusyBox; then
|
||||
# busybox wget 没有重试功能
|
||||
retry 5 command wget "$@"
|
||||
# 好像默认永不超时
|
||||
retry 5 command wget "$@" -T 10
|
||||
else
|
||||
# 原版 wget 自带重试功能
|
||||
command wget --tries=5 --progress=bar:force "$@"
|
||||
@ -215,12 +216,21 @@ is_use_cloud_image() {
|
||||
[ -n "$cloud_image" ] && [ "$cloud_image" = 1 ]
|
||||
}
|
||||
|
||||
is_allow_ping() {
|
||||
[ -n "$allow_ping" ] && [ "$allow_ping" = 1 ]
|
||||
}
|
||||
|
||||
setup_nginx() {
|
||||
apk add nginx
|
||||
# shellcheck disable=SC2154
|
||||
wget $confhome/logviewer.html -O /logviewer.html
|
||||
wget $confhome/logviewer-nginx.conf -O /etc/nginx/http.d/default.conf
|
||||
|
||||
if [ -z "$web_port" ]; then
|
||||
web_port=80
|
||||
fi
|
||||
sed -i "s/@WEB_PORT@/$web_port/gi" /etc/nginx/http.d/default.conf
|
||||
|
||||
# rc-service nginx start
|
||||
if pgrep nginx >/dev/null; then
|
||||
nginx -s reload
|
||||
@ -577,6 +587,14 @@ is_windows_support_rdnss() {
|
||||
error_and_exit "Not found kernel32.dll"
|
||||
}
|
||||
|
||||
is_need_change_ssh_port() {
|
||||
[ -n "$ssh_port" ] && ! [ "$ssh_port" = 22 ]
|
||||
}
|
||||
|
||||
is_need_change_rdp_port() {
|
||||
[ -n "$rdp_port" ] && ! [ "$rdp_port" = 3389 ]
|
||||
}
|
||||
|
||||
is_need_manual_set_dnsv6() {
|
||||
# 有没有可能是静态但是有 rdnss?
|
||||
! is_have_ipv6 && return $FALSE
|
||||
@ -1320,6 +1338,9 @@ install_nixos() {
|
||||
if [ -e /os/swapfile ] && $keep_swap; then
|
||||
nix_swap="swapDevices = [{ device = \"/swapfile\"; size = $swap_size; }];"
|
||||
fi
|
||||
if is_need_change_ssh_port; then
|
||||
nix_ssh_ports="services.openssh.ports = [ $ssh_port ];"
|
||||
fi
|
||||
|
||||
# TODO: 准确匹配网卡,添加 udev 或者直接配置 networkd 匹配 mac
|
||||
create_nixos_network_config /tmp/nixos_network_config.nix
|
||||
@ -1332,6 +1353,7 @@ $nix_substituters
|
||||
boot.kernelParams = [ $(get_ttys console= | quote_word) ];
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PermitRootLogin = "yes";
|
||||
$nix_ssh_ports
|
||||
$(cat /tmp/nixos_network_config.nix)
|
||||
###################################################
|
||||
EOF
|
||||
@ -1632,6 +1654,9 @@ EOF
|
||||
chroot $os_dir systemctl enable systemd-resolved
|
||||
chroot $os_dir systemctl enable sshd
|
||||
allow_root_password_login $os_dir
|
||||
if is_need_change_ssh_port; then
|
||||
change_ssh_port $os_dir $ssh_port
|
||||
fi
|
||||
|
||||
# 修改密码
|
||||
change_root_password $os_dir
|
||||
@ -2135,6 +2160,13 @@ download_cloud_init_config() {
|
||||
# 修改密码
|
||||
sed -i "s/@PASSWORD@/$PASSWORD/" $ci_file
|
||||
|
||||
# 修改 ssh 端口
|
||||
if is_need_change_ssh_port; then
|
||||
sed -i "s/@SSH_PORT@/$ssh_port/g" $ci_file
|
||||
else
|
||||
sed -i "/@SSH_PORT@/d" $ci_file
|
||||
fi
|
||||
|
||||
# swapfile
|
||||
# 如果分区表中已经有swapfile就跳过,例如arch
|
||||
if ! grep -w swap $os_dir/etc/fstab; then
|
||||
@ -2179,10 +2211,27 @@ modify_windows() {
|
||||
use_gpo=false
|
||||
fi
|
||||
|
||||
# 下载共同的子脚本
|
||||
# bat 列表
|
||||
bats=
|
||||
|
||||
# 1. rdp 端口
|
||||
if is_need_change_rdp_port; then
|
||||
create_win_change_rdp_port_script $os_dir/windows-change-rdp-port.bat "$rdp_port"
|
||||
bats="$bats windows-change-rdp-port.bat"
|
||||
fi
|
||||
|
||||
# 2. 允许 ping
|
||||
if is_allow_ping; then
|
||||
download $confhome/windows-allow-ping.bat $os_dir/windows-allow-ping.bat
|
||||
bats="$bats windows-allow-ping.bat"
|
||||
fi
|
||||
|
||||
# 3. 合并分区
|
||||
# 可能 unattend.xml 已经设置了ExtendOSPartition,不过运行resize没副作用
|
||||
bats="windows-resize.bat"
|
||||
download $confhome/windows-resize.bat $os_dir/windows-resize.bat
|
||||
bats="$bats windows-resize.bat"
|
||||
|
||||
# 4. 网络设置
|
||||
for ethx in $(get_eths); do
|
||||
create_win_set_netconf_script $os_dir/windows-set-netconf-$ethx.bat
|
||||
bats="$bats windows-set-netconf-$ethx.bat"
|
||||
@ -2534,21 +2583,44 @@ create_swap() {
|
||||
fi
|
||||
}
|
||||
|
||||
# arch gentoo 常规安装用
|
||||
change_ssh_conf() {
|
||||
os_dir=$1
|
||||
key=$2
|
||||
value=$3
|
||||
sub_conf=$4
|
||||
|
||||
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹
|
||||
# opensuse tumbleweed 有 /etc/ssh/sshd_config.d/ 文件夹,但没有 /etc/ssh/sshd_config,有/usr/etc/ssh/sshd_config
|
||||
if grep -q 'Include.*/etc/ssh/sshd_config.d' $os_dir/etc/ssh/sshd_config ||
|
||||
grep -q '^Include.*/etc/ssh/sshd_config.d/' $os_dir/usr/etc/ssh/sshd_config; then
|
||||
mkdir -p $os_dir/etc/ssh/sshd_config.d/
|
||||
echo "$key $value" >"$os_dir/etc/ssh/sshd_config.d/$sub_conf"
|
||||
else
|
||||
# 如果 sshd_config 存在此 key,则替换
|
||||
# 否则追加
|
||||
line="^#?$key .*"
|
||||
if grep -x "$line" $os_dir/etc/ssh/sshd_config; then
|
||||
sed -Ei "s/$line/$key $value/" $os_dir/etc/ssh/sshd_config
|
||||
else
|
||||
echo "$key $value" >>$os_dir/etc/ssh/sshd_config
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# arch gentoo 常规安装用
|
||||
allow_root_password_login() {
|
||||
os_dir=$1
|
||||
|
||||
# 允许 root 密码登录
|
||||
# arch 没有 /etc/ssh/sshd_config.d/ 文件夹
|
||||
# opensuse tumbleweed 有 /etc/ssh/sshd_config.d/ 文件夹,但没有 /etc/ssh/sshd_config,但有/usr/etc/ssh/sshd_config
|
||||
if grep 'Include.*/etc/ssh/sshd_config.d' $os_dir/etc/ssh/sshd_config; then
|
||||
mkdir -p $os_dir/etc/ssh/sshd_config.d/
|
||||
echo 'PermitRootLogin yes' >$os_dir/etc/ssh/sshd_config.d/01-permitrootlogin.conf
|
||||
else
|
||||
if ! grep -x 'PermitRootLogin yes' $os_dir/etc/ssh/sshd_config; then
|
||||
echo 'PermitRootLogin yes' >>$os_dir/etc/ssh/sshd_config
|
||||
fi
|
||||
fi
|
||||
change_ssh_conf "$os_dir" PermitRootLogin yes 01-permitrootlogin.conf
|
||||
}
|
||||
|
||||
# arch gentoo 常规安装用
|
||||
change_ssh_port() {
|
||||
os_dir=$1
|
||||
ssh_port=$2
|
||||
|
||||
change_ssh_conf "$os_dir" Port "$ssh_port" 01-change-ssh-port.conf
|
||||
}
|
||||
|
||||
change_root_password() {
|
||||
@ -3418,6 +3490,17 @@ EOF
|
||||
unix2dos $target
|
||||
}
|
||||
|
||||
create_win_change_rdp_port_script() {
|
||||
target=$1
|
||||
rdp_port=$2
|
||||
|
||||
info "Create win change rdp port script"
|
||||
|
||||
echo "set RdpPort=$rdp_port" >$target
|
||||
wget $confhome/windows-change-rdp-port.bat -O- >>$target
|
||||
unix2dos $target
|
||||
}
|
||||
|
||||
# virt-what 要用最新版
|
||||
# vultr 1G High Frequency LAX 实际上是 kvm
|
||||
# debian 11 virt-what 1.19 显示为 hyperv qemu
|
||||
@ -3657,6 +3740,15 @@ install_windows() {
|
||||
;;
|
||||
esac
|
||||
|
||||
# 防止用了不兼容架构的 iso
|
||||
if ! {
|
||||
{ [ "$(uname -m)" = "x86_64" ] && [ "$arch_wim" = x86_64 ]; } ||
|
||||
{ [ "$(uname -m)" = "x86_64" ] && [ "$arch_wim" = x86 ]; } ||
|
||||
{ [ "$(uname -m)" = "aarch64" ] && [ "$arch_wim" = arm64 ]; }
|
||||
}; then
|
||||
error_and_exit "The machine is $(uname -m), but the iso is $arch_wim."
|
||||
fi
|
||||
|
||||
add_drivers() {
|
||||
info "Add drivers"
|
||||
|
||||
@ -4038,7 +4130,13 @@ install_windows() {
|
||||
# 修改应答文件
|
||||
download $confhome/windows.xml /tmp/autounattend.xml
|
||||
locale=$(get_selected_image_prop 'Default Language')
|
||||
sed -i "s|%arch%|$arch|; s|%image_name%|$image_name|; s|%locale%|$locale|; s|%password%|$PASSWORD|" \
|
||||
use_default_rdp_port=$(is_need_change_rdp_port && echo false || echo true)
|
||||
sed -i \
|
||||
-e "s|%arch%|$arch|" \
|
||||
-e "s|%image_name%|$image_name|" \
|
||||
-e "s|%locale%|$locale|" \
|
||||
-e "s|%password%|$PASSWORD|" \
|
||||
-e "s|%use_default_rdp_port%|$use_default_rdp_port|" \
|
||||
/tmp/autounattend.xml
|
||||
|
||||
# 修改应答文件,分区配置
|
||||
@ -4174,8 +4272,12 @@ install_windows() {
|
||||
|
||||
# 添加引导
|
||||
if is_efi; then
|
||||
# 现在 add_default_efi_to_nvram() 添加 bootx64.efi 到最前面
|
||||
# 因此这里重复了
|
||||
if false; then
|
||||
apk add efibootmgr
|
||||
efibootmgr -c -L "Windows Installer" -d /dev/$xda -p1 -l "\\EFI\\boot\\$boot_efi"
|
||||
fi
|
||||
else
|
||||
# 或者用 ms-sys
|
||||
apk add grub-bios
|
||||
@ -4491,6 +4593,10 @@ hwclock -s || true
|
||||
|
||||
# 设置密码,安装并打开 ssh
|
||||
echo "root:$PASSWORD" | chpasswd
|
||||
apk add openssh
|
||||
if is_need_change_ssh_port; then
|
||||
change_ssh_port / $ssh_port
|
||||
fi
|
||||
printf '\nyes' | setup-sshd
|
||||
|
||||
# shellcheck disable=SC2154
|
||||
|
21
windows-allow-ping.bat
Normal file
21
windows-allow-ping.bat
Normal file
@ -0,0 +1,21 @@
|
||||
@echo off
|
||||
mode con cp select=437 >nul
|
||||
setlocal EnableDelayedExpansion
|
||||
|
||||
rem https://learn.microsoft.com/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior#command-example-4-configure-icmp-settings
|
||||
rem 旧版命令 netsh firewall set icmpsetting 8 对应的配置是:文件和打印机共享(回显请求 - ICMPv4-In)
|
||||
|
||||
set ICMPv4EchoTypeNum=8
|
||||
set ICMPv6EchoTypeNum=128
|
||||
|
||||
for %%i in (4, 6) do (
|
||||
netsh advfirewall firewall add rule ^
|
||||
name="ICMP Echo Request (ICMPv%%i-In)" ^
|
||||
dir=in ^
|
||||
action=allow ^
|
||||
program=System ^
|
||||
protocol=ICMPv%%i:!ICMPv%%iEchoTypeNum!,any
|
||||
)
|
||||
|
||||
rem 删除此脚本
|
||||
del "%~f0"
|
47
windows-change-rdp-port.bat
Normal file
47
windows-change-rdp-port.bat
Normal file
@ -0,0 +1,47 @@
|
||||
@echo off
|
||||
mode con cp select=437 >nul
|
||||
|
||||
rem set RdpPort=3333
|
||||
|
||||
rem https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/change-listening-port
|
||||
rem HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
|
||||
|
||||
rem RemoteDesktop-Shadow-In-TCP
|
||||
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\RdpSa.exe|Name=@FirewallAPI.dll,-28778|Desc=@FirewallAPI.dll,-28779|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=TRUE|Defer=App|
|
||||
|
||||
rem RemoteDesktop-UserMode-In-TCP
|
||||
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28775|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
|
||||
|
||||
rem RemoteDesktop-UserMode-In-UDP
|
||||
rem v2.33|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28776|Desc=@FirewallAPI.dll,-28777|EmbedCtxt=@FirewallAPI.dll,-28752|
|
||||
|
||||
rem 设置端口
|
||||
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %RdpPort% /f
|
||||
|
||||
rem 重启服务
|
||||
rem 可以用 sc 或者 net
|
||||
rem UmRdpService 依赖 TermService
|
||||
rem sc stop 不能处理依赖关系,因此 sc stop TermService 前需要 sc stop UmRdpService
|
||||
rem net stop 可以处理依赖关系
|
||||
rem sc stop 是异步的,rem net stop 不是异步,但有 timeout 时间
|
||||
rem TermService 运行后,UmRdpService 会自动运行
|
||||
net stop TermService /y
|
||||
net start TermService
|
||||
|
||||
rem 设置防火墙
|
||||
rem 各个版本的防火墙自带的 rdp 规则略有不同
|
||||
rem 全部版本都有: program=%SystemRoot%\system32\svchost.exe service=TermService
|
||||
rem win7 还有: program=System service=
|
||||
rem 以下为并集
|
||||
for %%a in (TCP, UDP) do (
|
||||
netsh advfirewall firewall add rule ^
|
||||
name="Remote Desktop - Custom Port (%%a-In)" ^
|
||||
dir=in ^
|
||||
action=allow ^
|
||||
service=any ^
|
||||
protocol=%%a ^
|
||||
localport=%RdpPort%
|
||||
)
|
||||
|
||||
rem 删除此脚本
|
||||
del "%~f0"
|
@ -110,8 +110,11 @@
|
||||
<FirewallGroups>
|
||||
<FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop">
|
||||
<Profile>all</Profile>
|
||||
<!-- HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -->
|
||||
<!-- Get-NetFirewallRule | Where-Object Name -like 'RemoteDesktop*' | fl Name,DisplayName,Description,DisplayGroup,Group -->
|
||||
<!-- https://learn.microsoft.com/windows-hardware/customize/desktop/unattend/networking-mpssvc-svc-firewallgroups-firewallgroup-group -->
|
||||
<Group>@FirewallAPI.dll,-28752</Group>
|
||||
<Active>true</Active>
|
||||
<Active>%use_default_rdp_port%</Active>
|
||||
</FirewallGroup>
|
||||
</FirewallGroups>
|
||||
</component>
|
||||
@ -144,7 +147,8 @@
|
||||
<SkipMachineOOBE>true</SkipMachineOOBE>
|
||||
<SkipUserOOBE>true</SkipUserOOBE>
|
||||
</OOBE>
|
||||
<TimeZone>China Standard Time</TimeZone>
|
||||
<!-- 不设置时区,则使用镜像的默认时区 -->
|
||||
<!-- <TimeZone>China Standard Time</TimeZone> -->
|
||||
</component>
|
||||
</settings>
|
||||
</unattend>
|
||||
|
Loading…
Reference in New Issue
Block a user