IBM LinuxOne服务器初始化
- 使用密钥登录SSH,修改root密码
sudo -i
passwd
- 打开ssh配置文件
vim /etc/ssh/sshd_config
- 修改或添加下面配置
PermitRootLogin yes #手动添加
PubkeyAuthentication yes #删除注释
- 编辑认证文件authorized_keys
vim /root/.ssh/authorized_keys
删除:
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"linux1\" rather than the user \"root\".';echo;sleep 10;exit 142"
只删掉这段,后面ssh那一大堆不要删
- 然后wq保存退出,这样就可以新建会话使用root账户进行登录了
个人使用脚本(使用前确保挂了哪吒探针,或者有其他办法连接SSH可以恢复SSH,否则可能会挂)
#!/bin/bash
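# Refresh the package index.
apt update
# Install the commonly used tools.
apt install wget curl fuse3 rclone vim zip python3 python3-pip -y
# Set the system time zone to Asia/Shanghai.
timedatectl set-timezone Asia/Shanghai
# Enable BBR congestion control together with the fq queueing discipline.
# Each setting is appended only when that exact line is not already present,
# so running the script again does not stack duplicate entries in
# /etc/sysctl.conf.
for setting in "net.core.default_qdisc=fq" "net.ipv4.tcp_congestion_control=bbr"; do
  grep -qxF -- "$setting" /etc/sysctl.conf 2>/dev/null \
    || echo "$setting" >> /etc/sysctl.conf
done
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p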
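# Add 2 GB of swap backed by /swapfile.
# The file is created only when it does not exist yet, so a second run does
# not try to reallocate or reformat a swap file that may already be active.
if [[ ! -e /swapfile ]]; then
  fallocate -l 2G /swapfile
  # Swap can hold memory pages of any process, so keep the file root-only
  # before it is formatted and activated.
  chmod 600 /swapfile
  mkswap /swapfile
  swapon /swapfile
fi
# Register the swap file for activation at boot, once.
grep -qE '^/swapfile[[:space:]]' /etc/fstab \
  || echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab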
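# Install Docker.
# The installer is fetched over HTTPS into a temporary file and is run only
# after the download has finished. A bare host name makes wget start with
# plain HTTP, and piping straight into bash would execute a truncated or
# tampered script as root.
docker_installer=$(mktemp) || exit 1
if ! wget -qO "$docker_installer" https://get.docker.com; then
  echo "Failed to download the Docker install script" >&2
  rm -f -- "$docker_installer"
  exit 1
fi
bash "$docker_installer"
rm -f -- "$docker_installer"
systemctl enable docker

# Install Docker Compose as a CLI plugin.
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
compose_bin="$DOCKER_CONFIG/cli-plugins/docker-compose"
mkdir -p "$DOCKER_CONFIG/cli-plugins"
# NOTE(review): the binary is downloaded through a third-party proxy
# (ghproxy.com), not directly from GitHub, and it will run as root. TLS only
# authenticates the proxy, not the file it serves. Set COMPOSE_SHA256 to the
# checksum published with the official release to have the download verified
# before it is made executable.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary".
if ! curl -fSL https://ghproxy.com/https://github.com/docker/compose/releases/download/v2.22.0/docker-compose-linux-s390x -o "$compose_bin"; then
  echo "Failed to download docker-compose" >&2
  rm -f -- "$compose_bin"
  exit 1
fi
if [[ -n "${COMPOSE_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$COMPOSE_SHA256" "$compose_bin" | sha256sum -c - >/dev/null; then
    echo "docker-compose checksum mismatch, removing the download" >&2
    rm -f -- "$compose_bin"
    exit 1
  fi
fi
chmod +x "$compose_bin"
docker compose version

# Daemon settings: capped json-file logs and IPv6 for the default bridge.
# The quoted delimiter keeps the JSON literal (no shell expansion inside).
cat > /etc/docker/daemon.json <<'EOF'
{
"log-driver": "json-file",
"log-opts": {
"max-size": "20m",
"max-file": "3"
},
"ipv6": true,
"fixed-cidr-v6": "fd00:dead:beef:c0::/80",
"experimental":true,
"ip6tables":true
}
EOF
systemctl restart docker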
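# Back up the files that are edited below. An existing backup is kept, so a
# second run does not replace the pristine copy with an already modified one.
[[ -e /etc/ssh/sshd_config.bak ]] || cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[[ -e /root/.ssh/authorized_keys.bak ]] || cp -p /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak

# Allow root to log in over SSH.
# NOTE(review): "PermitRootLogin yes" also permits root password logins
# wherever password authentication is enabled. For key-only root access
# "PermitRootLogin prohibit-password" is sufficient. sshd is not reloaded in
# this section, so these sshd_config edits apply at its next restart.
sed -i '/^#PermitRootLogin/c\PermitRootLogin yes' /etc/ssh/sshd_config
sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config

# Strip only the forced-command option prefix from root's key entries and keep
# the key material that follows it. Deleting the whole line would remove the
# key itself. The quoted message is matched with [^;]* so the pattern does not
# depend on how its inner quotes are escaped in the file.
sed -i 's/^no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="[^;]*;echo;sleep 10;exit 142"[[:space:]]*//' /root/.ssh/authorized_keys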
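echo "Setup complete!"

# Print the first argument in bold red, followed by a newline.
# echo -e interprets backslash escapes, both the colour codes and any that
# appear in $1.
red(){
  echo -e "\033[31m\033[01m$1\033[0m"
}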
# Print the first argument in bold green, followed by a newline.
# echo -e interprets backslash escapes, both the colour codes and any that
# appear in the message.
green() {
  local text=$1
  echo -e "\033[32m\033[01m${text}\033[0m"
}
# Print the first argument in bold yellow, followed by a newline.
# echo -e interprets backslash escapes, both the colour codes and any that
# appear in the message.
yellow() {
  local text=$1
  echo -e "\033[33m\033[01m${text}\033[0m"
}
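# Lower-case patterns matched against the detected OS description. Index i of
# REGEX lines up with index i of RELEASE, PACKAGE_UPDATE and PACKAGE_INSTALL.
# The Amazon Linux pattern carries no inner quotes: used as an unquoted regex,
# literal quote characters would have to appear in the OS name to match.
REGEX=("debian" "ubuntu" "centos|red hat|kernel|oracle linux|alma|rocky" "amazon linux" "alpine")
RELEASE=("Debian" "Ubuntu" "CentOS" "CentOS" "Alpine")
PACKAGE_UPDATE=("apt -y update" "apt -y update" "yum -y update" "yum -y update" "apk update -f")
PACKAGE_INSTALL=("apt -y install" "apt -y install" "yum -y install" "yum -y install" "apk add -f")
# Candidate OS descriptions, tried in order; sources that are missing yield an
# empty string.
CMD=("$(grep -i pretty_name /etc/os-release 2>/dev/null | cut -d \" -f2)" "$(hostnamectl 2>/dev/null | grep -i system | cut -d : -f2)" "$(lsb_release -sd 2>/dev/null)" "$(grep -i description /etc/lsb-release 2>/dev/null | cut -d \" -f2)" "$(grep . /etc/redhat-release 2>/dev/null)" "$(grep . /etc/issue 2>/dev/null | cut -d \\ -f1 | sed '/^[ ]*$/d')")

# Use the first non-empty description.
for i in "${CMD[@]}"; do
  SYS="$i"
  [[ -n $SYS ]] && break
done

# Map the description to a supported family. On a match the loop breaks with
# `int` still pointing at that family's package commands.
for ((int=0; int<${#REGEX[@]}; int++)); do
  if [[ $(echo "$SYS" | tr '[:upper:]' '[:lower:]') =~ ${REGEX[int]} ]]; then
    SYSTEM="${RELEASE[int]}"
    [[ -n $SYSTEM ]] && break
  fi
done

if [[ -z $SYSTEM ]]; then
  red "脚本暂时不支持VPS的当前系统,请使用主流操作系统"
  exit 1
fi

# Install the SSH server and curl when they are missing. The package commands
# are stored as strings and are left unquoted on purpose so that they split
# into a command plus its arguments.
if [[ ! -f /etc/ssh/sshd_config ]]; then
  # shellcheck disable=SC2086
  sudo ${PACKAGE_UPDATE[int]} && sudo ${PACKAGE_INSTALL[int]} openssh-server
fi
if [[ -z $(type -P curl) ]]; then
  # shellcheck disable=SC2086
  sudo ${PACKAGE_UPDATE[int]} && sudo ${PACKAGE_INSTALL[int]} curl
fi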
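# Ask Cloudflare's trace endpoint whether traffic currently leaves through
# WARP ("on" or "plus"), separately for IPv4 and IPv6.
# Certificate verification stays enabled (no -k) so the answers, which decide
# whether the tunnel is taken down below, cannot be forged by an on-path host.
# If the system has no CA bundle the lookups simply return nothing.
WgcfIPv4Status=$(curl -s4m8 https://www.cloudflare.com/cdn-cgi/trace | grep warp | cut -d= -f2)
WgcfIPv6Status=$(curl -s6m8 https://www.cloudflare.com/cdn-cgi/trace | grep warp | cut -d= -f2)

# Look up the public addresses shown to the user at the end of the script.
# With WARP active the tunnel is stopped for the lookup, so the VPS's own
# addresses are reported and not the WARP exit addresses, then started again.
# An explicit https:// is used because a bare host name makes curl use plain
# HTTP.
if [[ $WgcfIPv4Status =~ "on"|"plus" ]] || [[ $WgcfIPv6Status =~ "on"|"plus" ]]; then
  wg-quick down wgcf >/dev/null 2>&1
  systemctl stop warp-go >/dev/null 2>&1
  v6=$(curl -s6m8 https://api64.ipify.org)
  v4=$(curl -s4m8 https://api64.ipify.org)
  wg-quick up wgcf >/dev/null 2>&1
  systemctl start warp-go >/dev/null 2>&1
else
  v6=$(curl -s6m8 https://api64.ipify.org)
  v4=$(curl -s4m8 https://api64.ipify.org)
fi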
# Clear the immutable (i) and append-only (a) attributes from the account
# databases so that the password change further down can write to them.
# NOTE(review): nothing visible in this script sets the attributes again. If
# they were applied as hardening, restore them once the password is changed.
# The lsattr calls before and after discard their output.
sudo lsattr /etc/passwd /etc/shadow >/dev/null 2>&1
for attr_flag in -i -a; do
  sudo chattr "$attr_flag" /etc/passwd /etc/shadow >/dev/null 2>&1
done
sudo lsattr /etc/passwd /etc/shadow >/dev/null 2>&1
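# Ask for the SSH port; an empty answer means the default port 22.
read -r -p "输入设置的SSH端口(默认22):" sshport
if [[ -z $sshport ]]; then
  red "端口未设置,将使用默认22端口"
  sshport=22
fi
# The port is spliced into a sed expression that rewrites sshd_config as root.
# Accept only a number in 1-65535, so a typo cannot corrupt the file and lock
# the operator out.
if [[ ! $sshport =~ ^[0-9]{1,5}$ ]] || (( 10#$sshport < 1 || 10#$sshport > 65535 )); then
  red "端口无效,请输入1-65535之间的数字"
  exit 1
fi
sshport=$((10#$sshport))

# Ask for the root password; an empty answer falls back to a kernel-generated
# random UUID. -r keeps backslashes in the typed password literal.
read -r -p "输入设置的root密码:" password
if [[ -z $password ]]; then
  red "密码未设置,将使用随机生成密码"
  password=$(cat /proc/sys/kernel/random/uuid)
fi
# printf with a quoted argument passes the password through unchanged; an
# unquoted echo would word-split it and expand glob characters.
printf 'root:%s\n' "$password" | sudo chpasswd root

# NOTE(review): the lines below enable password logins for root. That exposes
# the account to online password guessing on whichever port is chosen; key
# authentication with "PermitRootLogin prohibit-password" avoids this.
# Settings under /etc/ssh/sshd_config.d/ (where the distribution uses it) are
# not touched here and may override these values - verify on the target host.
sudo sed -i "s/^#\?Port.*/Port $sshport/g" /etc/ssh/sshd_config
sudo sed -i "s/^#\?PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config
sudo sed -i "s/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config

# Check the edited configuration before restarting: restarting sshd on a
# broken sshd_config can leave the host unreachable over SSH.
if ! sudo sshd -t; then
  red "sshd_config 校验失败,未重启SSH服务,请检查 /etc/ssh/sshd_config"
  exit 1
fi
# The service is called "ssh" on some systems and "sshd" on others; try both
# so the new settings take effect right away.
sudo service ssh restart >/dev/null 2>&1
sudo service sshd restart >/dev/null 2>&1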
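# Summarise the login details for the operator.
yellow "VPS root登录信息设置完成!"
# IPv6 addresses are wrapped in brackets: with a bare "address:port" the port
# cannot be told apart from the last group of the address.
if [[ -n $v4 && -n $v6 ]]; then
  green "VPS登录IP地址及端口为:$v4:$sshport 或 [$v6]:$sshport"
elif [[ -n $v4 ]]; then
  green "VPS登录IP地址及端口为:$v4:$sshport"
elif [[ -n $v6 ]]; then
  green "VPS登录IP地址及端口为:[$v6]:$sshport"
fi
green "用户名:root"
# NOTE(review): the root password is printed in clear text, so it ends up in
# terminal scrollback and in any session recording or log that captures this
# output.
green "密码:$password"
yellow "请妥善保存好登录信息!然后重启VPS确保设置已保存!"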