一键cat命令完成vps所有优化,以修改端口为9999例,包括安装xanmod,bbr+fq,mosh等等所有优化,代码:
cat <<‘EOF’ | bash
set -e
echo “===== 检查系统 =====”
if ! grep -qi debian /etc/os-release; then
echo “❌ 当前不是 Debian,停止执行”
exit 1
fi
echo “===== 更新系统 =====”
apt update -y && apt upgrade -y
echo “===== 修改 SSH 端口 =====”
sed -i ‘s/#Port 22/Port 9999/g’ /etc/ssh/sshd_config
sed -i ‘s/^Port 22/Port 9999/g’ /etc/ssh/sshd_config
echo “===== SSH:密码 + 密钥登录 =====”
cat <<‘EOF’ | bash
set -e
echo “===== 检查系统 =====”
if ! grep -qi debian /etc/os-release; then
echo “❌ 当前不是 Debian,停止执行”
exit 1
fi
echo “===== 更新系统 =====”
apt update -y && apt upgrade -y
echo “===== 修改 SSH 端口 =====”
sed -i ‘s/#Port 22/Port 9999/g’ /etc/ssh/sshd_config
sed -i ‘s/^Port 22/Port 9999/g’ /etc/ssh/sshd_config
echo “===== SSH:密码 + 密钥登录 =====”
sed -i ‘s/#PasswordAuthentication yes/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/PasswordAuthentication no/PasswordAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g’ /etc/ssh/sshd_config
sed -i ‘s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g’ /etc/ssh/sshd_config
echo “===== SSH 防掉线优化 =====”
grep -q “ClientAliveInterval” /etc/ssh/sshd_config || cat >> /etc/ssh/sshd_config <<EOL
ClientAliveInterval 60
ClientAliveCountMax 10
TCPKeepAlive yes
UseDNS no
GSSAPIAuthentication no
EOL
systemctl restart ssh
echo “===== 安装基础工具 =====”
apt install -y curl wget sudo vim htop mosh fail2ban gnupg ca-certificates
echo “===== 安装 xanmod 内核 =====”
wget -qO – https://dl.xanmod.org/gpg.key | gpg –dearmor -o /usr/share/keyrings/xanmod.gpg
echo ‘deb [signed-by=/usr/share/keyrings/xanmod.gpg] http://deb.xanmod.org releases main’ > /etc/apt/sources.list.d/xanmod-release.list
apt update
apt install -y linux-xanmod-lts || apt install -y linux-xanmod
echo “===== 启用 BBR =====”
grep -q “tcp_congestion_control=bbr” /etc/sysctl.conf || cat >> /etc/sysctl.conf <<EOL
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOL
sysctl -p
echo “===== 尝试 BBR3(可能失败)=====”
modprobe tcp_bbr 2>/dev/null || true
echo “===== 网络优化 =====”
grep -q “tcp_fastopen” /etc/sysctl.conf || cat >> /etc/sysctl.conf <<EOL
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_mtu_probing=1
net.ipv4.tcp_syncookies=1
net.core.somaxconn=1024
net.ipv4.ip_forward=1
EOL
sysctl -p
echo “===== 配置 fail2ban =====”
cat > /etc/fail2ban/jail.local <<EOL
[sshd]
enabled = true
port = 9999
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOL
systemctl enable fail2ban
systemctl restart fail2ban
echo “===== 完成 =====”
echo “⚠️ 请执行 reboot 重启以启用 xanmod 内核”
echo “👉 SSH连接: ssh -p 9999 root@IP”
EOF
运行后重启vps生效。