update at 2026-03-15 14:54:51

2026-03-15 14:54:51 +08:00
parent c02b23bad2
commit d375f7174f
26 changed files with 1284 additions and 15 deletions
--- a/scripts/kindle/ssh-collect.sh
+++ b/scripts/kindle/ssh-collect.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -eu
+
+# 采集 Kindle 当前 SSH、网络、进程、配置等诊断信息。
+# 输出目录会落在 /mnt/us/ssh-debug/<时间戳>/collect.log。
+
+TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
+OUT_DIR="/mnt/us/ssh-debug/${TS}"
+LOG_FILE="${OUT_DIR}/collect.log"
+
+mkdir -p "${OUT_DIR}"
+exec >"${LOG_FILE}" 2>&1
+
+echo "=== BASIC ==="
+date 2>/dev/null || true
+id 2>/dev/null || true
+uname -a 2>/dev/null || true
+echo "HOME=${HOME:-}"
+
+echo
+echo "=== ROOT PASSWD ENTRY ==="
+grep '^root:' /etc/passwd 2>/dev/null || true
+
+echo
+echo "=== SSH BINARIES ==="
+ls -l /usr/sbin/sshd /mnt/us/usbnet/sbin/sshd /usr/bin/dropbear /mnt/us/usbnet/bin/dropbearmulti 2>/dev/null || true
+
+echo
+echo "=== PROCESS LIST ==="
+ps -ef 2>/dev/null || ps 2>/dev/null || true
+
+echo
+echo "=== LSOF TCP:22 ==="
+if [ -x /mnt/us/usbnet/bin/lsof ]; then
+    /mnt/us/usbnet/bin/lsof -n -P -iTCP:22 2>/dev/null || true
+fi
+
+echo
+echo "=== LSOF ALL TCP LISTENERS ==="
+if [ -x /mnt/us/usbnet/bin/lsof ]; then
+    /mnt/us/usbnet/bin/lsof -n -P -iTCP -sTCP:LISTEN 2>/dev/null || true
+fi
+
+echo
+echo "=== /PROC/NET/TCP ==="
+cat /proc/net/tcp 2>/dev/null || true
+cat /proc/net/tcp6 2>/dev/null || true
+
+echo
+echo "=== NETWORK ==="
+ifconfig -a 2>/dev/null || ifconfig 2>/dev/null || true
+route -n 2>/dev/null || netstat -rn 2>/dev/null || true
+
+echo
+echo "=== IPTABLES ==="
+iptables -S 2>/dev/null || true
+
+echo
+echo "=== USBNET RUN DIR ==="
+ls -la /mnt/us/usbnet/run 2>/dev/null || true
+
+echo
+echo "=== USBNET CONFIG FILES ==="
+for f in /mnt/us/usbnet/etc/config /mnt/us/usbnet/etc/sshd_config /mnt/us/usbnet/etc/authorized_keys; do
+    echo "--- ${f} ---"
+    sed -n '1,200p' "${f}" 2>/dev/null || true
+done
+
+echo
+echo "=== SYSTEM SSHD -T ==="
+/usr/sbin/sshd -T 2>&1 || true
+
+echo
+echo "=== USBNET SSHD -T ==="
+/mnt/us/usbnet/sbin/sshd -T -f /mnt/us/usbnet/etc/sshd_config 2>&1 || true
+
+echo
+echo "=== COMMON SSH DIRS ==="
+for d in /root/.ssh /var/local/root/.ssh "${HOME:-/root}/.ssh" /mnt/us/usbnet/etc/dot.ssh; do
+    echo "--- ${d} ---"
+    ls -la "${d}" 2>/dev/null || true
+done
+
+echo
+echo "=== DONE ==="
+echo "${OUT_DIR}"
--- a/scripts/kindle/ssh-fix-all-keys.sh
+++ b/scripts/kindle/ssh-fix-all-keys.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+# 把 usbnet 共用的 authorized_keys 同步到几处常见 root SSH 目录，
+# 避免不同 sshd/dropbear 读取路径不一致。
+
+TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
+OUT_DIR="/mnt/us/ssh-debug/${TS}"
+LOG_FILE="${OUT_DIR}/fix-all-keys.log"
+SOURCE_KEYS="/mnt/us/usbnet/etc/authorized_keys"
+
+mkdir -p "${OUT_DIR}"
+exec >"${LOG_FILE}" 2>&1
+
+ROOT_HOME="$(awk -F: '/^root:/{print $6}' /etc/passwd 2>/dev/null || true)"
+[ -n "${ROOT_HOME}" ] || ROOT_HOME="/tmp/root"
+
+echo "Root home: ${ROOT_HOME}"
+echo "Source keys: ${SOURCE_KEYS}"
+
+for target_dir in "${ROOT_HOME}/.ssh" /root/.ssh /var/local/root/.ssh /mnt/us/usbnet/etc/dot.ssh; do
+    echo "--- target: ${target_dir} ---"
+    mkdir -p "${target_dir}"
+    if [ -f "${target_dir}/authorized_keys" ]; then
+        cp "${target_dir}/authorized_keys" "${target_dir}/authorized_keys.bak.${TS}" || true
+    fi
+    cp "${SOURCE_KEYS}" "${target_dir}/authorized_keys"
+    chmod 700 "${target_dir}" 2>/dev/null || true
+    chmod 600 "${target_dir}/authorized_keys" 2>/dev/null || true
+    ls -ld "${target_dir}" "${target_dir}/authorized_keys" 2>/dev/null || true
+done
+
+killall -HUP sshd 2>/dev/null || true
+
+echo
+echo "=== DONE ==="
+echo "${OUT_DIR}"
--- a/scripts/kindle/ssh-force-dropbear-22.sh
+++ b/scripts/kindle/ssh-force-dropbear-22.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -eu
+
+# 强制清理残留 SSH 进程，然后在 22 端口拉起一份 usbnet 自带的 DropBear。
+# 这里使用 Kindle hack 里的 -n，让其不走密码检查，方便恢复公钥访问。
+
+TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
+OUT_DIR="/mnt/us/ssh-debug/${TS}"
+LOG_FILE="${OUT_DIR}/force-dropbear-22.log"
+PID_FILE="/mnt/us/usbnet/run/dropbear-force-22.pid"
+
+mkdir -p "${OUT_DIR}" /mnt/us/usbnet/run
+exec >"${LOG_FILE}" 2>&1
+
+echo "=== FORCE DROPBEAR 22 ==="
+date 2>/dev/null || true
+id 2>/dev/null || true
+
+killall sshd 2>/dev/null || true
+killall dropbear 2>/dev/null || true
+killall dropbearmulti 2>/dev/null || true
+sleep 1
+
+rm -f "${PID_FILE}" 2>/dev/null || true
+iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT 2>/dev/null || true
+
+(
+    cd /mnt/us/usbnet
+    exec bin/dropbearmulti dropbear -F -E -p 22 -P "${PID_FILE}" -n
+) &
+
+LAUNCHER_PID="$!"
+echo "${LAUNCHER_PID}" > "${OUT_DIR}/launcher.pid"
+sleep 1
+
+echo "launcher pid: ${LAUNCHER_PID}"
+echo "pid file: ${PID_FILE}"
+if [ -x /mnt/us/usbnet/bin/lsof ]; then
+    /mnt/us/usbnet/bin/lsof -n -P -iTCP:22 2>/dev/null || true
+fi
+
+echo "=== DONE ==="
+echo "${OUT_DIR}"
--- a/scripts/kindle/ssh-force-openssh-22.sh
+++ b/scripts/kindle/ssh-force-openssh-22.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+set -eu
+
+# 强制清理残留 SSH 进程，然后在 22 端口拉起一份 usbnet 自带的 OpenSSH。
+# 这份 sshd 会优先读取 /mnt/us/usbnet/etc/dot.ssh/authorized_keys。
+
+TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
+OUT_DIR="/mnt/us/ssh-debug/${TS}"
+LOG_FILE="${OUT_DIR}/force-openssh-22.log"
+PID_FILE="/mnt/us/usbnet/run/sshd-force-22.pid"
+SOURCE_KEYS="/mnt/us/usbnet/etc/authorized_keys"
+TARGET_KEYS="/mnt/us/usbnet/etc/dot.ssh/authorized_keys"
+
+mkdir -p "${OUT_DIR}" /mnt/us/usbnet/run /mnt/us/usbnet/etc/dot.ssh
+exec >"${LOG_FILE}" 2>&1
+
+echo "=== FORCE OPENSSH 22 ==="
+date 2>/dev/null || true
+id 2>/dev/null || true
+
+if [ -f "${SOURCE_KEYS}" ]; then
+    cp "${SOURCE_KEYS}" "${TARGET_KEYS}"
+    chmod 600 "${TARGET_KEYS}" 2>/dev/null || true
+fi
+chmod 755 /mnt/us/usbnet/etc/dot.ssh 2>/dev/null || true
+
+killall sshd 2>/dev/null || true
+killall dropbear 2>/dev/null || true
+killall dropbearmulti 2>/dev/null || true
+sleep 1
+
+rm -f "${PID_FILE}" 2>/dev/null || true
+iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT 2>/dev/null || true
+
+(
+    exec /mnt/us/usbnet/sbin/sshd -D -e \
+        -f /mnt/us/usbnet/etc/sshd_config \
+        -o ListenAddress=0.0.0.0 \
+        -o Port=22 \
+        -o PidFile="${PID_FILE}" \
+        -o AuthorizedKeysFile="${TARGET_KEYS}" \
+        -o PasswordAuthentication=no \
+        -o KbdInteractiveAuthentication=no \
+        -o PubkeyAuthentication=yes \
+        -o PermitRootLogin=yes \
+        -o HostKey=/mnt/us/usbnet/etc/ssh_host_rsa_key \
+        -o HostKey=/mnt/us/usbnet/etc/ssh_host_ecdsa_key \
+        -o HostKey=/mnt/us/usbnet/etc/ssh_host_ed25519_key
+) &
+
+LAUNCHER_PID="$!"
+echo "${LAUNCHER_PID}" > "${OUT_DIR}/launcher.pid"
+sleep 1
+
+echo "launcher pid: ${LAUNCHER_PID}"
+echo "pid file: ${PID_FILE}"
+if [ -x /mnt/us/usbnet/bin/lsof ]; then
+    /mnt/us/usbnet/bin/lsof -n -P -iTCP:22 2>/dev/null || true
+fi
+
+echo "=== DONE ==="
+echo "${OUT_DIR}"
--- a/scripts/kindle/ssh-stop-all.sh
+++ b/scripts/kindle/ssh-stop-all.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -eu
+
+# 停掉常见 SSH 进程，并清理掉常见 pid 文件。
+
+TS="$(date +%Y%m%d-%H%M%S 2>/dev/null || echo now)"
+OUT_DIR="/mnt/us/ssh-debug/${TS}"
+LOG_FILE="${OUT_DIR}/stop-all.log"
+
+mkdir -p "${OUT_DIR}"
+exec >"${LOG_FILE}" 2>&1
+
+echo "=== STOP ALL SSH DAEMONS ==="
+date 2>/dev/null || true
+id 2>/dev/null || true
+
+killall sshd 2>/dev/null || true
+killall dropbear 2>/dev/null || true
+killall dropbearmulti 2>/dev/null || true
+
+rm -f /mnt/us/usbnet/run/sshd.pid 2>/dev/null || true
+rm -f /mnt/us/usbnet/run/sshd-force-22.pid 2>/dev/null || true
+rm -f /mnt/us/usbnet/run/dropbear-2222.pid 2>/dev/null || true
+rm -f /mnt/us/usbnet/run/dropbear-force-22.pid 2>/dev/null || true
+
+echo "=== DONE ==="
+echo "${OUT_DIR}"