腾讯云轻量国内机dd网络重装debian并改回内网软件源

• dd脚本

wget https://cdn.jsdelivr.net/gh/hiCasper/Shell@master/AutoReinstall.sh && chmod +x AutoReinstall.sh && bash AutoReinstall.sh

原系统建议使用Ubuntu18.04镜像，运行脚本后选择Debian10

• 改回内网软件源

cat <<EOF > /etc/apt/sources.list
deb http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-updates main contrib non-free
deb-src http://mirrors.tencentyun.com/debian/ buster-backports main contrib non-free
deb-src http://mirrors.tencentyun.com/debian-security buster/updates main contrib non-free
EOF
apt-get update

参考：http://mirrors.cloud.tencent.com/

Linux下SSH配置密钥key登录禁用密码登录

• 首先需要在ROOT用户下操作步骤如下

1 创建用户haoduck

useradd haoduck

2 创建haoduck用户ssh密钥文件夹

mkdir -p /home/haoduck/.ssh/
chmod 700 /home/haoduck/.ssh/

3 创建公钥文件

公钥文件一般从自己的电脑上生成，诸如XShell、MobaXterm等工具都是可以生成的。这里就不赘述了

vim /home/haoduck/.ssh/authorized_keys
chmod 600 /home/haoduck/.ssh/authorized_keys
chown -R haoduck /home/haoduck/.ssh/ #设置文件所有者为新用户haoduck

4 配置sudo权限(可选)

在最后添加一行haoduck ALL=(ALL) ALL或者haoduck ALL=(ALL) NOPASSWD: ALL，后者可以免密码使用sudo

chmod u+w /etc/sudoers
vim /etc/sudoers
chmod u-w /etc/sudoers

5 修改sshd配置

vim /etc/ssh/sshd_config

密钥登录：找到以下内容去掉签名的#号

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

禁用密码和ROOT登录：

找到以下内容

PasswordAuthentication yes
PermitRootLogin yes

改为

PasswordAuthentication no
PermitRootLogin no

重启sshdsystemctl restart sshd或systemctl restart ssh或service sshd restart或service ssh restart

• 一键脚本

#!/bin/bash
#username=${1:="haoduck"}
#pubkey=${2:="ssh-xxxxx"}
username="haoduck"
#pubkey="$(wget -qO- https://直链)"
pubkey="ssh-xxxxx"
#yum install -y sudo
#apt-get install -y sudo
useradd ${username}
mkdir -p /home/${username}/.ssh/
chmod 700 /home/${username}/.ssh/
echo $pubkey > /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
chown -R ${username} /home/${username}/.ssh/
#sudo配置
chmod u+w /etc/sudoers
echo "${username} ALL=(ALL) ALL" > /etc/sudoers.d/${username}
#echo "${username} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/${username}
#sshd配置
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
#sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
#sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" $sshd_file
systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart

如果只需要用ROOT用户，可以省略添加用户的步骤，一键脚本如下：

#pubkey="$(wget -qO- https://直链)"
pubkey="ssh-xxxxx" #这里改成你的公钥
mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
echo $pubkey > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
sshd_file="/etc/ssh/sshd_config"
cp -n $sshd_file /etc/ssh/sshd_config.bak
sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
sed -i "s|#\?PermitRootLogin.*|PermitRootLogin yes|" $sshd_file
systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart

CentOS7+warp+wgcf+wireguard-go+wireguard-tools给VPS添加IPV6访问，Ubuntu、Debian同理

本文以CentOS7 x64系统为例

• 一、安装wireguard-go

Github地址：https://github.com/WireGuard/wireguard-go

编译安装

一些需要的软件yum install -y wget git make

如果是debian/ubuntu：apt install -y wget git make

1.安装golang1.16

wget https://golang.org/dl/go1.16.1.linux-amd64.tar.gz
tar xvf go1.16.1.linux-amd64.tar.gz -C /usr/local
cat <<EOF >> /etc/profile
#golang env config
export GO111MODULE=on
export GOROOT=/usr/local/go 
export GOPATH=~/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
EOF
source /etc/profile

2.拉取代码并编译

git clone https://git.zx2c4.com/wireguard-go.git
git checkout 0.0.20201118
cd wireguard-go
make
mv wireguard-go /usr/local/sbin

下载编译好的二进制文件安装

一些需要的软件yum install -y wget

如果是debian/ubuntu：apt install -y wget

wget https://github.com/peng4740/wireguard-go-builder/releases/download/0.0.20201118/wireguard-go-linux-amd64.tar.gz
tar zxf wireguard-go-linux-amd64.tar.gz
mv wireguard-go /usr/local/sbin
rm -f wireguard-go-linux-amd64.tar.gz

• 二、安装wgcf

这个是用来生成warp配置的

Github地址：https://github.com/ViRb3/wgcf

安装

wget https://github.com/ViRb3/wgcf/releases/download/v2.2.2/wgcf_2.2.2_linux_amd64 -O /usr/local/sbin/wgcf
chmod +x /usr/local/sbin/wgcf

用wgcf生成配置

echo|wgcf register
wgcf generate
sed -i '/0\.0\.0\.0\/0/d' wgcf-profile.conf
#sed -i '/\:\:\/0/d' wgcf-profile.conf # 如果是IPV6VPS要添加IPV4则改用这个，上一条不要执行
mkdir -p /etc/wireguard
cp -f wgcf-profile.conf /etc/wireguard/wgcf.conf

• 三、安装wireguard-tools

CentOS7：yum install -y wireguard-tools

如果提示找不到包安装失败了可能是没有epel源，先安装yum install epel-release -y

其他系统其实也是差不多的

Debian:

echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard

Ubuntu：apt install -y wireguard

• 四、运行测试

1.启动

wg-quick up wgcf

如果运行完就失联了(VPS的SSH终端没反应了)。先重启VPS，检查一下配置有没有问题，可以复制评论给嗷嗷看看。

当然，也不用太担心，如果你没漏掉什么步骤，一般是不会有事的。

2.测试

curl ipv6.ip.sb

如果能正常显示ip就正常

• 五、配置开机自启(务必要运行测试过后再配置)

systemctl enable wg-quick@wgcf