ssh端口修改工具
#!/usr/bin/env bash
# Pin a predictable search path so the tools used below (sed, iptables,
# netstat, the init script) resolve from the standard system locations,
# with the user's ~/bin consulted last.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
#=================================================
# System Required: Debian/Ubuntu
# Description: SSH modify port
# Version: 1.0.0
# Author: Toyo
# Blog: https://doub.io/linux-jc11/
#=================================================
# Script version and the files it works on.
sh_ver='1.0.0'
# sshd configuration that gets edited in place (a .bak copy is taken first).
CONF='/etc/ssh/sshd_config'
# Candidate SysV init scripts for restarting sshd, probed in this order.
SSH_init_1='/etc/init.d/ssh'
SSH_init_2='/etc/init.d/sshd'
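# Colour codes and the [信息]/[错误]/[注意] labels must exist before anything
# interpolates them. In the original order they were assigned *after* the
# init-script check and after bak_text/over_text were built, so the error
# below printed without its label and both recovery messages lost their
# colouring entirely (the variables expanded to empty strings).
Green_font_prefix="\033[32m"
Red_font_prefix="\033[31m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"
# Locate the SysV init script used to restart sshd: "ssh" first, then "sshd".
if [[ -e ${SSH_init_1} ]]; then
  SSH_init=${SSH_init_1}
elif [[ -e ${SSH_init_2} ]]; then
  SSH_init=${SSH_init_2}
else
  echo -e "${Error} 找不到 SSH 的服务脚本文件!" && exit 1
fi
# Recovery instructions appended to failure/success messages. They rely on
# the /etc/ssh/sshd_config.bak copy that choose_the_way() makes before any edit.
bak_text="(可通过备份SSH配置文件复原:[ ${Green_font_prefix}rm -rf /etc/ssh/sshd_config && mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config && ${SSH_init} restart${Font_color_suffix} ])"
over_text="${Tip} 当服务器存在外部防火墙时(如 阿里云、腾讯云、微软云、谷歌云、亚马逊云等),需要外部防火墙开放 新SSH端口TCP协议方可连接!(如使用途中出现任何问题均可通过该代码复原:[ ${Green_font_prefix}rm -rf /etc/ssh/sshd_config && mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config && ${SSH_init} restart${Font_color_suffix} ] )"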
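# Absolute directory containing this script; the conservative-mode state file
# (ssh_port.conf) is written next to it.
filepath=$(cd "$(dirname "$0")"; pwd)
# Previously ${file} was derived by splitting ${filepath} with awk -F "$0",
# which in practice could only ever yield ${filepath} itself (and ran the path
# through echo -e, mangling any backslashes). Assign it directly.
file=${filepath}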
#检查系统
check_sys(){
  # Work out the distribution family and store it in the global ${release}
  # ("centos", "debian" or "ubuntu"). The first matching probe wins, in the
  # same order as before: /etc/redhat-release, then /etc/issue, then
  # /proc/version. ${release} is left untouched when nothing matches.
  local probe
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    return 0
  fi
  for probe in /etc/issue /proc/version; do
    if grep -qiE "debian" "${probe}"; then
      release="debian"
      return 0
    elif grep -qiE "ubuntu" "${probe}"; then
      release="ubuntu"
      return 0
    elif grep -qiE "centos|red hat|redhat" "${probe}"; then
      release="centos"
      return 0
    fi
  done
  return 0
}
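check_installed_status(){
  # Abort with status 1 unless the sshd configuration file ${CONF} exists.
  # Returns 0 when it does; the former "[[ ! -e ]] && ... && exit 1" chain
  # returned 1 on the success path, which any caller using "&&" or set -e
  # would have misread as a failure.
  if [[ ! -e ${CONF} ]]; then
    echo -e "${Error} SSH配置文件不存在[ ${CONF} ],请检查 !"
    exit 1
  fi
}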
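check_pid(){
  # Populate the global ${PID} with the PID(s) of running /usr/sbin/sshd
  # processes, one per line (empty when none). pgrep never reports itself,
  # so the fragile "ps -ef | grep | grep -v grep" chain is not needed.
  PID=$(pgrep -f '/usr/sbin/sshd')
}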
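Read_config(){
  # Read the active "Port" directive(s) from ${CONF}.
  # Globals written: ${port_all} (every value, one per line) and ${port}
  # (a single value, 22 when the file has no Port directive).
  # Only lines whose first field is literally "Port" count, so commented-out
  # "#Port 22" lines, "GatewayPorts" and tab-separated directives are handled
  # correctly; a trailing "# comment" no longer hides the directive (the old
  # grep -v '#' dropped such lines).
  port_all=$(awk '$1 == "Port" {print $2}' "${CONF}")
  if [[ -z ${port_all} ]]; then
    # sshd's compiled-in default when no Port directive is present.
    port=22
  else
    # sshd_config may hold several Port lines (e.g. mid-way through a
    # conservative change); keep only the first so ${port} is one value
    # that can safely go into a sed pattern or an iptables --dport.
    port=${port_all%%$'\n'*}
  fi
}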
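Set_port(){
  # Interactively ask for the new SSH port until a valid one is entered.
  # Globals: reads ${port} (current port); writes ${new_port} (decimal 1-65535,
  # different from ${port}). Exits 1 when the answer is empty (cancel).
  local answer
  while true; do
    echo -e "\n旧SSH端口:${Green_font_prefix}[${port}]${Font_color_suffix}"
    echo -e "请输入新的SSH端口 [1-65535]"
    read -e -p "(输入为空则取消):" answer
    [[ -z "${answer}" ]] && echo "取消..." && exit 1
    # Accept plain digits only. The previous check evaluated the input with
    # $(( ... )), which accepted hex/octal and arbitrary expressions (e.g.
    # "0x10" passed and was then written verbatim into sshd_config).
    if [[ ! ${answer} =~ ^[0-9]{1,5}$ ]]; then
      echo -e "输入错误, 请输入正确的端口。"
      continue
    fi
    # Force base 10 so "022" becomes 22 instead of being read as octal.
    new_port=$((10#${answer}))
    if (( new_port < 1 || new_port > 65535 )); then
      echo -e "输入错误, 请输入正确的端口。"
    elif [[ ${new_port} -eq ${port} ]]; then
      echo -e "输入错误, 新端口与旧端口一致。"
    else
      echo && echo "============================="
      echo -e " 新端口 : ${Red_background_prefix} ${new_port} ${Font_color_suffix}"
      echo "=============================" && echo
      break
    fi
  done
}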
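choose_the_way(){
  # Ask which strategy to use, back up sshd_config, then run the strategy.
  # Globals: reads ${CONF}, ${over_text} and the colour prefixes; writes
  # ${choose_the_way_num}. Exits 1 on an invalid answer or a failed backup.
  local strategy
  echo -e "请选择SSH端口修改方式:
1. 直接修改(直接修改旧端口为新端口,并且防火墙禁止旧端口 开放新端口)
2. 保守修改(不删除旧端口,先添加新端口,然后手动断开SSH链接并使用新端口尝试链接,如果链接正常,那么再次执行脚本删除旧端口配置)\n
一般来说修改SSH端口不会出现什么问题,但保守起见,我做了两个修改方式。
如果不懂请选 ${Green_font_prefix}[2. 保守修改]${Font_color_suffix},避免因为未知问题而导致修改后无法通过 新端口和旧端口 链接服务器!\n
${over_text}\n"
  read -e -p "(默认: 2. 保守修改):" choose_the_way_num
  [[ -z "${choose_the_way_num}" ]] && choose_the_way_num="2"
  case "${choose_the_way_num}" in
    1) strategy=Direct_modification ;;
    2) strategy=Conservative_modifications ;;
    *) echo -e "${Error} 请输入正确的数字 [1-2]" && exit 1 ;;
  esac
  # Both strategies edit ${CONF} in place and every recovery hint printed later
  # (bak_text/over_text) assumes this backup exists, so refuse to continue if
  # it cannot be written instead of silently editing without a safety net.
  if ! cp -f "${CONF}" "/etc/ssh/sshd_config.bak"; then
    echo -e "${Error} 无法备份 ${CONF} 到 /etc/ssh/sshd_config.bak !" && exit 1
  fi
  "${strategy}"
}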
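Direct_modification(){
  # Strategy 1: swap the old Port directive for the new one in one step,
  # restart sshd, verify it listens on ${new_port}, then update iptables
  # (ACCEPT new port, DROP old port) and persist the rules.
  # Globals: reads ${CONF}, ${SSH_init}, ${port}, ${new_port}, ${bak_text},
  # ${PID} (set by check_pid); writes ${port_status}.
  # Exits 1 if sshd does not come back or is not listening on the new port.
  echo -e "${Info} 删除旧端口配置..."
  # Anchor the whole line: an unanchored "/Port 22/" also matches "Port 2200",
  # "Port 2222" and commented "#Port 22" lines, deleting more than intended.
  sed -i "/^[[:space:]]*Port[[:space:]]\+${port}[[:space:]]*$/d" "${CONF}"
  echo -e "${Info} 添加新端口配置..."
  echo -e "\nPort ${new_port}" >> "${CONF}"
  ${SSH_init} restart
  sleep 2s
  check_pid
  if [[ -z ${PID} ]]; then
    echo -e "${Error} SSH 启动失败 !${bak_text}" && exit 1
  fi
  # netstat (net-tools) is not installed by default on current Debian/Ubuntu;
  # ss (iproute2) prints the local address in the same column.
  if command -v netstat >/dev/null 2>&1; then
    port_status=$(netstat -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
  else
    port_status=$(ss -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
  fi
  if [[ -z ${port_status} ]]; then
    echo -e "${Error} SSH 端口修改失败 !${bak_text}" && exit 1
  fi
  # Firewall: drop any stale rules for the two ports, then open the new port
  # and close the old one. The Del_* calls are best-effort (the rule may not
  # exist yet), which is why their status is not checked.
  Del_iptables_ACCEPT
  Del_iptables_DROP
  Add_iptables_ACCEPT
  Add_iptables_DROP
  Set_iptables
  #rm -rf /etc/ssh/sshd_config.bak
  echo -e "${Info} SSH 端口修改成功!新端口:[${Green_font_prefix}${new_port}${Font_color_suffix}]"
  echo -e "${over_text}"
}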
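Conservative_modifications(){
  # Strategy 2, run in two invocations.
  #   Without an argument: append "Port ${new_port}" next to the old one,
  #   restart sshd, verify it listens on the new port, ACCEPT it in iptables
  #   and record "new|old" in ${file}/ssh_port.conf so the user can test the
  #   new port while the old one still works.
  #   With $1 == "End" (the "end" action): read that pair back, delete the old
  #   Port directive, restart sshd, DROP the old port and persist iptables.
  # Globals: reads/writes ${new_port}, ${port}, ${port_status}; reads ${CONF},
  # ${SSH_init}, ${file}, ${PID} (set by check_pid). Exits 1 on any failure;
  # the state file is only removed once the old port is gone and sshd is back.
  local state_file="${file}/ssh_port.conf"
  if [[ $1 != "End" ]]; then
    echo -e "${Info} 添加新端口配置..."
    echo -e "\nPort ${new_port}" >> "${CONF}"
    ${SSH_init} restart
    sleep 2s
    check_pid
    if [[ -z ${PID} ]]; then
      echo -e "${Error} SSH 启动失败 !${bak_text}" && exit 1
    fi
    # netstat (net-tools) is not installed by default on current
    # Debian/Ubuntu; ss (iproute2) prints the local address in the same column.
    if command -v netstat >/dev/null 2>&1; then
      port_status=$(netstat -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
    else
      port_status=$(ss -lntp|grep ssh|awk '{print $4}'|grep -w "${new_port}")
    fi
    if [[ -z ${port_status} ]]; then
      echo -e "${Error} SSH 端口添加失败 !${bak_text}" && exit 1
    fi
    Add_iptables_ACCEPT
    Set_iptables
    echo "${new_port}|${port}" > "${state_file}"
    echo -e "${Info} SSH 端口添加成功 !
请手动断开 SSH链接并使用新端口 ${Green_font_prefix}[${new_port}]${Font_color_suffix} 尝试链接,如无法链接 请通过旧端口 ${Green_font_prefix}[${port}]${Font_color_suffix} 链接,如链接正常 请链接后再次执行脚本${Green_font_prefix} [bash ${file}/ssh_port.sh end]${Font_color_suffix} 以删除旧端口配置!"
    echo -e "${over_text}"
  else
    [[ ! -e "${state_file}" ]] && echo -e "${Error} ${state_file} 文件缺失 !" && exit 1
    IFS='|' read -r new_port port < "${state_file}"
    # Both values end up in a sed pattern and an iptables --dport, so accept
    # nothing but plain port numbers (the file may have been edited/truncated).
    if [[ ! ${new_port} =~ ^[0-9]+$ || ! ${port} =~ ^[0-9]+$ ]]; then
      echo -e "${Error} ${state_file} 内容无效 !" && exit 1
    fi
    echo -e "${Info} 删除旧端口配置..."
    # Whole-line anchor: the old unanchored "/Port 22/" also matched the new
    # "Port 2200"/"Port 2222" line, removing BOTH ports and locking the user
    # out once the old port was dropped in iptables below.
    sed -i "/^[[:space:]]*Port[[:space:]]\+${port}[[:space:]]*$/d" "${CONF}"
    ${SSH_init} restart
    sleep 2s
    check_pid
    if [[ -z ${PID} ]]; then
      # State file is kept so "end" can be re-run once sshd is fixed.
      echo -e "${Error} SSH 启动失败 !" && exit 1
    fi
    rm -f -- "${state_file}"
    Add_iptables_DROP
    Set_iptables
    #rm -rf /etc/ssh/sshd_config.bak
    echo -e "${Info} 所有配置完成!新端口:[${Green_font_prefix}${new_port}${Font_color_suffix}]"
    echo -e "${over_text}"
  fi
}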
modify_ssh(){
  # "modify" action: read the current port, ask for the new one, then pick
  # and run a modification strategy. Each step exits on its own failures.
  Read_config
  Set_port
  choose_the_way
}
end_ssh(){
  # "end" action: second half of the conservative strategy, which removes the
  # old port recorded in ssh_port.conf.
  Conservative_modifications "End"
}
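Add_iptables_ACCEPT(){
  # Insert (at the top of INPUT) a rule accepting new TCP connections to
  # ${new_port}. The port is quoted so an empty value reaches iptables as one
  # invalid argument it rejects, instead of silently shifting the options.
  iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "${new_port}" -j ACCEPT
}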
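Del_iptables_ACCEPT(){
  # Remove the ACCEPT rule for the old port ${port}. Best-effort: iptables
  # returns non-zero when no such rule exists, and callers ignore that.
  # The port is quoted so an empty value cannot shift the option list.
  iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport "${port}" -j ACCEPT
}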
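Add_iptables_DROP(){
  # Insert (at the top of INPUT) a rule dropping new TCP connections to the
  # old port ${port}. Quoted so an empty value is rejected by iptables rather
  # than silently shifting the options.
  iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "${port}" -j DROP
}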
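Del_iptables_DROP(){
  # Remove a stale DROP rule for ${new_port} (e.g. left over from an earlier
  # run where it was the old port). Best-effort: iptables returns non-zero
  # when no such rule exists, and callers ignore that. Quoted so an empty
  # value cannot shift the option list.
  iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport "${new_port}" -j DROP
}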
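Set_iptables(){
  # Persist the current iptables rule set to /etc/iptables.up.rules and install
  # an ifupdown pre-up hook that restores it. Returns 1 (after a message)
  # instead of silently continuing when either file cannot be written, e.g.
  # because /etc/network/if-pre-up.d does not exist on a system without
  # ifupdown — the rules would otherwise be lost at the next reboot unnoticed.
  local hook=/etc/network/if-pre-up.d/iptables
  if ! iptables-save > /etc/iptables.up.rules; then
    echo -e "${Error} 保存 iptables 规则到 /etc/iptables.up.rules 失败 !"
    return 1
  fi
  # Same two lines the original wrote with echo -e.
  if ! printf '%s\n' '#!/bin/bash' '/sbin/iptables-restore < /etc/iptables.up.rules' > "${hook}"; then
    echo -e "${Error} 无法写入 ${hook} (重启后防火墙规则将不会自动恢复) !"
    return 1
  fi
  chmod +x "${hook}"
}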
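# Entry point. Only Debian/Ubuntu are supported (SysV "ssh" init script,
# ifupdown hook path); bail out early on anything else.
check_sys
if [[ ${release} != "debian" && ${release} != "ubuntu" ]]; then
  echo -e "${Error} 本脚本不支持当前系统 ${release} !" && exit 1
fi
check_installed_status
# Default action is "modify"; "end" completes a conservative change.
action=${1:-modify}
case "${action}" in
  modify|end)
    "${action}_ssh"
    ;;
  *)
    # Usage errors go to stderr with a non-zero exit status so a caller can
    # tell them apart from a successful run (previously this exited 0).
    echo "输入错误 !" >&2
    echo "用法: {modify|end}" >&2
    exit 1
    ;;
esac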