一键cat命令完成vps所有优化

Posted on

一键cat命令完成vps所有优化,以修改端口为9999例,包括安装xanmod,bbr+fq,mosh等等所有优化,代码:

cat <<’EOF’ | bash

set -e

echo “===== 检查系统 =====”

if ! grep -qi debian /etc/os-release; then

echo “❌ 当前不是 Debian,停止执行”

exit 1

fi

echo “===== 更新系统 =====”

apt update -y && apt upgrade -y

echo “===== 修改 SSH 端口 =====”

sed -i ‘s/#Port 22/Port 9999/g’ /etc/ssh/sshd_config

sed -i ‘s/^Port 22/Port 9999/g’ /etc/ssh/sshd_config

echo “===== SSH:密码 + 密钥登录 =====”

cat <<’EOF’ | bash
set -e

echo “===== 检查系统 =====”
if ! grep -qi debian /etc/os-release; then
echo “❌ 当前不是 Debian,停止执行”
exit 1
fi

echo “===== 更新系统 =====”
apt update -y && apt upgrade -y

echo “===== 修改 SSH 端口 =====”
sed -i ‘s/#Port 22/Port 9999/g’ /etc/ssh/sshd_config
sed -i ‘s/^Port 22/Port 9999/g’ /etc/ssh/sshd_config

echo “===== SSH:密码 + 密钥登录 =====”
sed -i ‘s/#PasswordAuthentication yes/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/PasswordAuthentication no/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/#PubkeyAuthentication yes/Puecho “===== SSH:密码 + 密钥登录 =====”

cat <<’EOF’ | bash
set -e

echo “===== 检查系统 =====”
if ! grep -qi debian /etc/os-release; then
echo “❌ 当前不是 Debian,停止执行”
exit 1
fi

echo “===== 更新系统 =====”
apt update -y && apt upgrade -y

echo “===== 修改 SSH 端口 =====”
sed -i ‘s/#Port 22/Port 9999/g’ /etc/ssh/sshd_config
sed -i ‘s/^Port 22/Port 9999/g’ /etc/ssh/sshd_config

echo “===== SSH:密码 + 密钥登录 =====”
sed -i ‘s/#PasswordAuthentication yes/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/PasswordAuthentication no/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g’ /etc/ssh/sshd_config

echo “===== SSH 防掉线优化 =====”
grep -q “ClientAliveInterval” /etc/ssh/sshd_config || cat >> /etc/ssh/sshd_config <<EOL
ClientAliveInterval 60
ClientAliveCountMax 10
TCPKeepAlive yes
UseDNS no
GSSAPIAuthentication no
EOL

systemctl restart ssh

echo “===== 安装基础工具 =====”
apt install -y curl wget sudo vim htop mosh fail2ban gnupg ca-certificates

echo “===== 安装 xanmod 内核 =====”
wget -qO - https://dl.xanmod.org/gpg.key | gpg –dearmor -o /usr/share/keyrings/xanmod.gpg
echo ‘deb [signed-by=/usr/share/keyrings/xanmod.gpg] http://deb.xanmod.org releases main’ > /etc/apt/sources.list.d/xanmod-release.list

apt update
apt install -y linux-xanmod-lts || apt install -y linux-xanmod

echo “===== 启用 BBR =====”
grep -q “tcp_congestion_control=bbr” /etc/sysctl.conf || cat >> /etc/sysctl.conf <<EOL
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOL
sysctl -p

echo “===== 尝试 BBR3(可能失败)=====”
modprobe tcp_bbr 2>/dev/null || true

echo “===== 网络优化 =====”
grep -q “tcp_fastopen” /etc/sysctl.conf || cat >> /etc/sysctl.conf <<EOL
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_syncookies=1
net.core.somaxconn=1024
net.ipv4.ip_forward=1
EOL

sysctl -p

echo “===== 配置 fail2ban =====”
cat > /etc/fail2ban/jail.local <<EOL
[sshd]
enabled = true
port = 9999
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOL

systemctl enable fail2ban
systemctl restart fail2ban

echo “===== 完成 =====”
echo “⚠️ 请执行 reboot 重启以启用 xanmod 内核”
echo “👉 SSH连接: ssh -p 9999 root@IP”
EOF

运行后重启vps生效。