update

web/admin/firewall/__init__.py

@@ -101,6 +101,15 @@ def set_ssh_pass_status():
     status = request.form.get('status', '1')
     return MwFirewall.instance().setSshPassStatus(status)
 
+@blueprint.route('/set_ssh_pubkey_status', endpoint='set_ssh_pubkey_status', methods=['POST'])
+@panel_login_required
+def set_ssh_pubkey_status():
+    if mw.isAppleSystem():
+        return mw.returnData(True, '开发机不能设置!')
+    status = request.form.get('status', '1')
+    return MwFirewall.instance().setSshPubkeyStatus(status)
+
+
 
 
 

web/static/app/firewall.js

@@ -49,7 +49,6 @@ $("#firewalldType").change(function(){
 
 
 function sshMgr(){
-
 	$.post('/firewall/get_ssh_info', '', function(rdata){
 		var ssh_status = rdata.status ? 'checked':'';
 		var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':'';
@@ -81,8 +80,8 @@ function sshMgr(){
                             <td>禁止密钥登陆</td>\
                             <td>\
                                 <div class="ssh-item" style="margin-left:0">\
-                                    <input class="btswitch btswitch-ios" id="pass_status" type="checkbox" '+pubkey_prohibit_status+'>\
-                                    <label class="btswitch-btn" for="pass_status" onclick=\'setSshPassStatus()\'></label>\
+                                    <input class="btswitch btswitch-ios" id="pubkey_status" type="checkbox" '+pubkey_prohibit_status+'>\
+                                    <label class="btswitch-btn" for="pubkey_status" onclick=\'setSshPubkeyStatus()\'></label>\
                                 </div>\
                             </td>\
                         </tr>\
@@ -100,7 +99,6 @@ function sshMgr(){
 	        success:function(){
 	        },
 	    });
-
 	},'json');
 }
 
@@ -283,6 +281,37 @@ function setSshPassStatus(){
 	});
 }
 
+/**
+ * 设置远程服务状态
+ * @param {Int} state 0.启用 1.关闭
+ */
+function setSshPubkeyStatus(){
+	status = $("#pubkey_status").prop("checked")==true?1:0;
+	var msg = status==1?'开启密码登陆,继续吗？':'确定禁止密码登陆吗？';
+	layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){
+		if(status == 0){
+			$("#pubkey_status").prop("checked",false);
+		} else {
+			$("#pubkey_status").prop("checked",true);
+		}
+	}},function(index){
+		if(index > 0){
+			layer.msg('正在处理,请稍候...',{icon:16,time:20000});
+			$.post('/firewall/set_ssh_pubkey_status','status='+status,function(rdata){
+				layer.msg(rdata.msg,{icon:rdata.status?1:2});
+			},'json');
+		}
+	},function(){
+		if(status == 0){
+			$("#pubkey_status").prop("checked",false);
+		} else {
+			$("#pubkey_status").prop("checked",true);
+		}
+	});
+}
+
+
+
 /**
  * 取回数据
  * @param {Int} page  分页号

web/utils/firewall.py

@@ -393,7 +393,35 @@ class Firewall(object):
         mw.writeFile(file, conf)
         mw.execShell("systemctl restart sshd.service")
         mw.writeLog("SSH管理", msg)
-        return mw.returnJson(True, msg)
+        return mw.returnData(True, msg)
+
+    def setSshPubkeyStatus(self, status):
+        msg = '禁止密钥登陆成功'
+        if status == "1":
+            msg = '开启密钥登陆成功'
+
+        file = '/etc/ssh/sshd_config'
+        if not os.path.exists(file):
+            return mw.returnJson(False, '无法设置!')
+
+        content = mw.readFile(file)
+
+        pubkey_rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+        pubkey_status = re.search(pubkey_rep, content)
+        if not pubkey_status:
+            rep = r"(#)?PubkeyAuthentication\s+(\w*)\s*\n"
+            content = re.sub(rep, "PubkeyAuthentication yes\n", content)
+
+        if status == '1':
+            rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+            content = re.sub(rep, "PubkeyAuthentication yes\n", content)
+        else:
+            rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+            content = re.sub(rep, "PubkeyAuthentication no\n", content)
+        mw.writeFile(file, content)
+        mw.execShell("systemctl restart sshd.service")
+        mw.writeLog("SSH管理", msg)
+        return mw.returnData(True, msg)