fix(security): 移除即時高風險明文與 SSH 信任缺口 [skip ci]

Your Name
2026-06-11 11:10:26 +08:00
parent 56173437f2
commit 3418e014bc
12 changed files with 118 additions and 21 deletions


@@ -37,7 +37,7 @@ check_url() {
check_ssh() {
local name=$1 host=$2
if ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=no \
if ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=accept-new \
"$host" "echo ok" 2>/dev/null | grep -q ok; then
ok "SSH $name ($host)"
return 0
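Review bot: The `2>/dev/null` kept on the ssh call in check_ssh discards the host-key diagnostics, so a host whose key has changed is reported the same way as a host that is down or timing out. With `accept-new` a changed key is now refused, which is exactly the signal an operator needs to see; consider capturing stderr into a variable and reporting a "host key verification failed" result separately from an ordinary connection failure. `accept-new` still trusts whatever key is offered on first contact, so a comment such as `# TOFU: the first connection pins the key; pre-populate known_hosts for new hosts` would make the remaining risk explicit. The failure branch of check_ssh lies outside the hunk, so how the error is reported today is not visible here.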


@@ -25,6 +25,7 @@ MONITOR_SCRIPT="${REPO_ROOT}/scripts/ops/docker-health-monitor.sh"
TARGET="${1:-all}"
SSH_KEY="${HOME}/.ssh/id_rsa"
KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
# 110 用 wooo188 用 ollama
ssh_user() {
@@ -40,7 +41,9 @@ ssh_cmd() {
shift
local user
user=$(ssh_user "$host")
ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no "${user}@${host}" "$@"
mkdir -p "${HOME}/.ssh"
ssh-keyscan -T 5 -t ed25519,rsa,ecdsa "$host" >> "$KNOWN_HOSTS_FILE" 2>/dev/null || true
ssh -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" "${user}@${host}" "$@"
}
scp_cmd() {
@@ -49,7 +52,9 @@ scp_cmd() {
local dst="$3"
local user
user=$(ssh_user "$host")
scp -i "$SSH_KEY" -o StrictHostKeyChecking=no "$src" "${user}@${host}:${dst}"
mkdir -p "${HOME}/.ssh"
ssh-keyscan -T 5 -t ed25519,rsa,ecdsa "$host" >> "$KNOWN_HOSTS_FILE" 2>/dev/null || true
scp -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" "$src" "${user}@${host}:${dst}"
}
deploy_to_host() {
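Review bot: The `ssh-keyscan -T 5 -t ed25519,rsa,ecdsa "$host" >> "$KNOWN_HOSTS_FILE" 2>/dev/null || true` line added in ssh_cmd, and repeated in scp_cmd, appends whatever key the network returns immediately before every connection. Whenever the scan succeeds, the following `accept-new` check finds a matching entry, so a changed or substituted host key is trusted much as it was with `StrictHostKeyChecking=no`. Removing the keyscan line from both functions lets `accept-new` work as intended: record the key on first contact and refuse a different key afterwards. For deploy targets a stronger setup is a reviewed known_hosts file provisioned out of band together with `-o StrictHostKeyChecking=yes`. The unconditional append also adds duplicate entries to the user's known_hosts on every call, and `mkdir -p "${HOME}/.ssh"` creates the directory with umask-default permissions, where `mkdir -p -m 700 "${HOME}/.ssh"` would match what ssh expects.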