diff --git a/web/admin/firewall/__init__.py b/web/admin/firewall/__init__.py index 68b898855..0e5fd77ea 100644 --- a/web/admin/firewall/__init__.py +++ b/web/admin/firewall/__init__.py @@ -101,6 +101,15 @@ def set_ssh_pass_status(): status = request.form.get('status', '1') return MwFirewall.instance().setSshPassStatus(status) +@blueprint.route('/set_ssh_pubkey_status', endpoint='set_ssh_pubkey_status', methods=['POST']) +@panel_login_required +def set_ssh_pubkey_status(): + if mw.isAppleSystem(): + return mw.returnData(True, '开发机不能设置!') + status = request.form.get('status', '1') + return MwFirewall.instance().setSshPubkeyStatus(status) + + diff --git a/web/static/app/firewall.js b/web/static/app/firewall.js index 3936a7b45..fe9d1a22f 100755 --- a/web/static/app/firewall.js +++ b/web/static/app/firewall.js @@ -49,7 +49,6 @@ $("#firewalldType").change(function(){ function sshMgr(){ - $.post('/firewall/get_ssh_info', '', function(rdata){ var ssh_status = rdata.status ? 'checked':''; var pass_prohibit_status = rdata.pass_prohibit_status ? 'checked':''; @@ -81,8 +80,8 @@ function sshMgr(){ 禁止密钥登陆\ \
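Review bot: `set_ssh_pubkey_status` forwards `status` to `setSshPubkeyStatus` unchecked, and that method treats every value other than `'1'` as "disable", so an empty or malformed field turns off public-key authentication and restarts sshd. Reject anything outside the two expected values before the call, e.g. `if status not in ('0', '1'): return mw.returnData(False, 'invalid status')`. The Apple-system branch returns `mw.returnData(True, ...)` for what its message describes as a refusal, and the client picks its icon from `rdata.status`, so the refusal appears to be rendered as a success; `False` would match the meaning. A short docstring saying that the endpoint rewrites sshd_config and restarts sshd would also help later reviewers.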
\ - \ - \ + \ + \
\ \ \ @@ -100,7 +99,6 @@ function sshMgr(){ success:function(){ }, }); - },'json'); } @@ -283,6 +281,37 @@ function setSshPassStatus(){ }); } +/** + * 设置远程服务状态 + * @param {Int} state 0.启用 1.关闭 + */ +function setSshPubkeyStatus(){ + status = $("#pubkey_status").prop("checked")==true?1:0; + var msg = status==1?'开启密码登陆,继续吗?':'确定禁止密码登陆吗?'; + layer.confirm(msg,{title:'警告',closeBtn:2,cancel:function(){ + if(status == 0){ + $("#pubkey_status").prop("checked",false); + } else { + $("#pubkey_status").prop("checked",true); + } + }},function(index){ + if(index > 0){ + layer.msg('正在处理,请稍候...',{icon:16,time:20000}); + $.post('/firewall/set_ssh_pubkey_status','status='+status,function(rdata){ + layer.msg(rdata.msg,{icon:rdata.status?1:2}); + },'json'); + } + },function(){ + if(status == 0){ + $("#pubkey_status").prop("checked",false); + } else { + $("#pubkey_status").prop("checked",true); + } + }); +} + + + /** * 取回数据 * @param {Int} page 分页号 diff --git a/web/utils/firewall.py b/web/utils/firewall.py index 983dbe155..7a1906a75 100644 --- a/web/utils/firewall.py +++ b/web/utils/firewall.py 
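Review bot: The confirmation text in `setSshPubkeyStatus` still talks about password login (`'开启密码登陆,继续吗?'` / `'确定禁止密码登陆吗?'`), so the operator is asked to confirm a different change from the one `/firewall/set_ssh_pubkey_status` makes; it should name key login, e.g. `var msg = status==1?'开启密钥登陆,继续吗?':'确定禁止密钥登陆吗?';`. `status` is assigned without `var`, which makes it an implicit global that in a browser collides with `window.status`; declare it as `var status = ...`. The doc comment is copied from another function: it describes 远程服务状态 and a `state` parameter that this function does not take. The label visible in the earlier hunk reads 禁止密钥登陆 while a checked box sends `status=1`, which the server maps to `PubkeyAuthentication yes`; the markup is not visible here, so it is worth confirming that the checkbox is not inverted.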
@@ -393,7 +393,35 @@ class Firewall(object):
 mw.writeFile(file, conf)
 mw.execShell("systemctl restart sshd.service")
 mw.writeLog("SSH管理", msg)
- return mw.returnJson(True, msg)
+ return mw.returnData(True, msg)
+
+ def setSshPubkeyStatus(self, status):
+ msg = '禁止密钥登陆成功'
+ if status == "1":
+ msg = '开启密钥登陆成功'
+
+ file = '/etc/ssh/sshd_config'
+ if not os.path.exists(file):
+ return mw.returnJson(False, '无法设置!')
+
+ content = mw.readFile(file)
+
+ pubkey_rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+ pubkey_status = re.search(pubkey_rep, content)
+ if not pubkey_status:
+ rep = r"(#)?PubkeyAuthentication\s+(\w*)\s*\n"
+ content = re.sub(rep, "PubkeyAuthentication yes\n", content)
+
+ if status == '1':
+ rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+ content = re.sub(rep, "PubkeyAuthentication yes\n", content)
+ else:
+ rep = r"PubkeyAuthentication\s+(\w*)\s*\n"
+ content = re.sub(rep, "PubkeyAuthentication no\n", content)
+ mw.writeFile(file, content)
+ mw.execShell("systemctl restart sshd.service")
+ mw.writeLog("SSH管理", msg)
+ return mw.returnData(True, msg)
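Review bot: The unanchored pattern `PubkeyAuthentication\s+(\w*)\s*\n` in `setSshPubkeyStatus` also matches a commented-out `#PubkeyAuthentication yes` line, so on a config that only carries the commented default the `re.sub` edits the text behind the `#`, the directive stays inactive, and the method still logs and returns success. For the same reason the `if not pubkey_status` branch can never change anything, and a file without the directive is left untouched. Anchoring to the line start, consuming an optional `#`, and adding the directive when it is absent makes the toggle take effect, as sketched below. The missing-file path still returns `mw.returnJson(False, '无法设置!')` while the other returns in this hunk use `mw.returnData`, which looks like an oversight. Because this switches off an authentication method and restarts sshd unconditionally, it would be worth refusing to disable key login when password login is already disabled and checking the file with `sshd -t` before the restart, so a bad edit cannot lock administrators out.

```python
    def setSshPubkeyStatus(self, status):
        # … unchanged: msg selection, sshd_config existence check, readFile …
        directive = "PubkeyAuthentication " + ("yes" if status == '1' else "no")
        # Anchor to the line start and consume an optional leading '#', so a
        # commented-out default becomes a live directive instead of being
        # edited behind its comment marker.
        rep = r"^[ \t]*#?[ \t]*PubkeyAuthentication[ \t]+\w*[ \t]*$"
        content, replaced = re.subn(rep, directive, content, count=1, flags=re.M)
        if replaced == 0:
            # Directive absent: add it ahead of the existing content so it is
            # not captured by a later Match block.
            content = directive + "\n" + content
        # … unchanged: writeFile, sshd restart, writeLog, return …
```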