fix(security): 移除即時高風險明文與 SSH 信任缺口 [skip ci]
This commit is contained in:
@@ -37,7 +37,7 @@ check_url() {
|
||||
|
||||
check_ssh() {
|
||||
local name=$1 host=$2
|
||||
if ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=no \
|
||||
if ssh -o ConnectTimeout=3 -o BatchMode=yes -o StrictHostKeyChecking=accept-new \
|
||||
"$host" "echo ok" 2>/dev/null | grep -q ok; then
|
||||
ok "SSH $name ($host)"
|
||||
return 0
|
||||
|
||||
@@ -25,6 +25,7 @@ MONITOR_SCRIPT="${REPO_ROOT}/scripts/ops/docker-health-monitor.sh"
|
||||
TARGET="${1:-all}"
|
||||
|
||||
SSH_KEY="${HOME}/.ssh/id_rsa"
|
||||
KNOWN_HOSTS_FILE="${HOME}/.ssh/known_hosts"
|
||||
|
||||
# 110 用 wooo,188 用 ollama
|
||||
ssh_user() {
|
||||
@@ -40,7 +41,9 @@ ssh_cmd() {
|
||||
shift
|
||||
local user
|
||||
user=$(ssh_user "$host")
|
||||
ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no "${user}@${host}" "$@"
|
||||
mkdir -p "${HOME}/.ssh"
|
||||
ssh-keyscan -T 5 -t ed25519,rsa,ecdsa "$host" >> "$KNOWN_HOSTS_FILE" 2>/dev/null || true
|
||||
ssh -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" "${user}@${host}" "$@"
|
||||
}
|
||||
|
||||
scp_cmd() {
|
||||
@@ -49,7 +52,9 @@ scp_cmd() {
|
||||
local dst="$3"
|
||||
local user
|
||||
user=$(ssh_user "$host")
|
||||
scp -i "$SSH_KEY" -o StrictHostKeyChecking=no "$src" "${user}@${host}:${dst}"
|
||||
mkdir -p "${HOME}/.ssh"
|
||||
ssh-keyscan -T 5 -t ed25519,rsa,ecdsa "$host" >> "$KNOWN_HOSTS_FILE" 2>/dev/null || true
|
||||
scp -i "$SSH_KEY" -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$KNOWN_HOSTS_FILE" "$src" "${user}@${host}:${dst}"
|
||||
}
|
||||
|
||||
deploy_to_host() {
|
||||
|
||||
Reference in New Issue
Block a user