多个Linux发行版安装ss服务端

本文仅做技术探讨,请在遵守相应的法律法规的前提下使用。


Centos 7一键安装脚本

简单快捷,随机生成密码,默认端口默认加密类型

bash <(curl -s http://morning.work/examples/2015-12/install-*.sh)
firewall-cmd --zone=public --add-port=/tcp --permanent
firewall-cmd --reload

可以这么控制

# 开启服务
systemctl enable *
systemctl start *

# 检查状态
systemctl status * -l

脚本内容比较简单,通过二进制文件安装了一个pip,如果已有pip或者对脚本内pip来源不信任可以手动安装,并注释掉安装pip的代码

端口,加密类型由自己需要更改

#!/bin/bash
# Install * on CentOS 

echo "Installing *..."

random-string()
{
    :-} |
}

CONFIG_FILE=/etc/*.json
SERVICE_FILE=/etc/systemd/system/*.service
SS_PASSWORD=$(random-)
SS_PORT=
SS_METHOD=aes--cfb
SS_IP=`ip route get  | awk '{print $NF;exit}'`
GET_PIP_FILE=/tmp/get-pip.py

# install pip
curl "https://bootstrap.pypa.io/get-pip.py" -o "${GET_PIP_FILE}"
python ${GET_PIP_FILE}

# install *
pip install --upgrade pip
pip install *

# create shadowsocls config
cat <<EOF | sudo tee ${CONFIG_FILE}
{
  "server": "0.0.0.0",
  "server_port": ${SS_PORT},
  "password": "${SS_PASSWORD}",
  "method": "${SS_METHOD}"
}
EOF

# create service
cat <<EOF | sudo tee ${SERVICE_FILE}
[Unit]
Description=*

[Service]
TimeoutStartSec=
ExecStart=/usr/bin/ssserver -c ${CONFIG_FILE}

[Install]
WantedBy=multi-user.target
EOF

# start service
systemctl enable *
systemctl start *

# view service status

systemctl status * -l

echo "================================"
echo ""
echo "Congratulations! * has been installed on your system."
echo "You * connection info:"
echo "--------------------------------"
echo "server:      ${SS_IP}"
echo "server_port: ${SS_PORT}"
echo "password:    ${SS_PASSWORD}"
echo "method:      ${SS_METHOD}"
echo "--------------------------------"

CentOS 6+, Debian 7+, Ubuntu 12+

据作者介绍这个脚本可以用在多个发行版上,同样是python原版,需要手动输入一些配置,会依据发行版自动配置防火墙

bash <(curl -s https://raw.githubusercontent.com/teddysun/*_install/master/*.sh)

以下是脚本具体内容,像我这种经常换服务器的人并不喜欢这种需要配置的脚本,没怎么看

#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================================#
#   System Required:  CentOS +, Debian +, Ubuntu +            #
#   Description: One click Install *-Python server      #
#   Author: Teddysun <i@teddysun.com>                             #
#   Thanks: @clowwindy <https://twitter.com/clowwindy>            #
#   Intro:  https://teddysun.com/342.html                         #
#=================================================================#

clear
echo
echo "#############################################################"
echo "# One click Install *-Python server               #"
echo "# Intro: https://teddysun.com/342.html                      #"
echo "# Author: Teddysun <i@teddysun.com>                         #"
echo "# Github: https://github.com/*/*        #"
echo "#############################################################"
echo

libsodium_file="libsodium-1.0.16"
libsodium_url="https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz"

# Current folder
cur_dir=`pwd`
# Stream Ciphers
ciphers=(
aes--gcm
aes--gcm
aes--gcm
aes--ctr
aes--ctr
aes--ctr
aes--cfb
aes--cfb
aes--cfb
camellia--cfb
camellia--cfb
camellia--cfb
chacha20-ietf-poly1305
chacha20-ietf
chacha20
rc4-md5
)
# Color
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'

# Make sure only root can run our script
[[ $EUID -ne  ]] && 

# Disable selinux
disable_selinux(){
    if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
        setenforce
    fi
}

#Check system
check_sys(){
    local checkType=$
    local value=$

    local release=''
    local systemPackage=''

    if [[ -f /etc/redhat-release ]]; then
        release="centos"
        systemPackage="yum"
    elif cat /etc/issue | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    elif cat /proc/version | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    fi

    if [[ ${checkType} == "sysRelease" ]]; then
        if [ "$value" == "$release" ]; then
            return
        else
            return
        fi
    elif [[ ${checkType} == "packageManager" ]]; then
        if [ "$value" == "$systemPackage" ]; then
            return
        else
            return
        fi
    fi
}

# Get version
getversion(){
    if [[ -s /etc/redhat-release ]]; then
        grep -oE  "[0-9.]+" /etc/redhat-release
    else
        grep -oE  "[0-9.]+" /etc/issue
    fi
}

# CentOS version
centosversion(){
    if check_sys sysRelease centos; then
        local code=$
        local version="$(getversion)"
        local main_ver=${version%%.*}
        if [ "$main_ver" == "$code" ]; then
            return
        else
            return
        fi
    else
        return
    fi
}

# Get public IP address
get_ip(){
    local IP=$( ip addr |  )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip )
    [ ! -z ${IP} ] && echo ${IP} || echo
}

get_char(){
    SAVEDSTTY=`stty -g`
    stty -echo
    stty cbreak
     count= > /dev/null
    stty -raw
    stty echo
    stty $SAVEDSTTY
}

# Pre-installation settings
pre_install(){
    if check_sys packageManager yum || check_sys packageManager apt; then
        # Not support CentOS
        ; then
            echo -e "$[{red}Error${plain}] Not supported CentOS 5, please change to CentOS 6+/Debian 7+/Ubuntu 12+ and try again."
            exit
        fi
    else
        echo -e "[${red}Error${plain}] Your OS is not supported. please change OS to CentOS/Debian/Ubuntu and try again."
        exit
    fi
    # Set * config password
    echo "Please enter password for *-python"
    read -p "(Default password: teddysun.com):" *pwd
    [ -z "${*pwd}" ] && *pwd="teddysun.com"
    echo
    echo "---------------------------"
    echo "password = ${*pwd}"
    echo "---------------------------"
    echo
    # Set * config port
    while true
    do
    dport=$(shuf -i - -n )
    echo "Please enter a port for *-python [1-65535]"
    read -p "(Default port: ${dport}):" *port
    [ -z "$*port" ] && *port=${dport}
     &>/dev/null
     ]; then
         ] && [ ${*port} -le  ] && [ ${*port::} !=  ]; then
            echo
            echo "---------------------------"
            echo "port = ${*port}"
            echo "---------------------------"
            echo
            break
        fi
    fi
    echo -e "[${red}Error${plain}] Please enter a correct number [1-65535]"
    done

    # Set * config stream ciphers
    while true
    do
    echo -e "Please select stream cipher for *-python:"
    ;i<=${#ciphers[@]};i++ )); do
        hint="${ciphers[$i-1]}"
        echo -e "${green}${i}${plain}) ${hint}"
    done
    read -p "Which cipher you'd select(Default: ${ciphers[0]}):" pick
    [ -z
     &>/dev/null
     ]; then
        echo -e "[${red}Error${plain}] Please enter a number"
        continue
    fi
     || "$pick" -gt ${#ciphers[@]} ]]; then
        echo -e "[${red}Error${plain}] Please enter a number between 1 and ${#ciphers[@]}"
        continue
    fi
    *cipher=${ciphers[$pick-]}
    echo
    echo "---------------------------"
    echo "cipher = ${*cipher}"
    echo "---------------------------"
    echo
    break
    done

    echo
    echo "Press any key to start...or Press Ctrl+C to cancel"
    char=`get_char`
    # Install necessary dependencies
    if check_sys packageManager yum; then
        yum install -y python python-devel python-setuptools openssl openssl-devel curl wget unzip gcc automake autoconf make libtool
    elif check_sys packageManager apt; then
        apt-get -y update
        apt-get -y install python python-dev python-setuptools openssl libssl-dev curl wget unzip gcc automake autoconf make libtool
    fi
    cd ${cur_dir}
}

# Download files
download_files(){
    # Download libsodium file
    if ! wget --no-check-certificate -O ${libsodium_file}.tar.gz ${libsodium_url}; then
        echo -e "[${red}Error${plain}] Failed to download ${libsodium_file}.tar.gz!"
        exit
    fi
    # Download * file
    if ! wget --no-check-certificate -O *-master.zip https://github.com/*/*/archive/master.zip; then
        echo -e "[${red}Error${plain}] Failed to download * python file!"
        exit
    fi
    # Download * init script
    if check_sys packageManager yum; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/*_install/master/* -O /etc/init.d/*; then
            echo -e "[${red}Error${plain}] Failed to download * chkconfig file!"
            exit
        fi
    elif check_sys packageManager apt; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/*_install/master/*-debian -O /etc/init.d/*; then
            echo -e "[${red}Error${plain}] Failed to download * chkconfig file!"
            exit
        fi
    fi
}

# Config *
config_*(){
    cat > /etc/*.json<<-EOF
{
    "server":"0.0.0.0",
    "server_port":${*port},
    "local_address":"127.0.0.1",
    ,
    "password":"${*pwd}",
    ,
    "method":"${*cipher}",
    "fast_open":false
}
EOF
}

# Firewall set
firewall_set(){
    echo -e "[${green}Info${plain}] firewall set start..."
    ; then
        /etc/init.d/iptables status > /dev/>&
         ]; then
            iptables -L -n | >&
             ]; then
                iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${*port} -j ACCEPT
                iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${*port} -j ACCEPT
                /etc/init.d/iptables save
                /etc/init.d/iptables restart
            else
                echo -e "[${green}Info${plain}] port ${*port} has already been set up."
            fi
        else
            echo -e "[${yellow}Warning${plain}] iptables looks like shutdown or not installed, please manually set it if necessary."
        fi
    ; then
        systemctl status firewalld > /dev/>&
         ]; then
            firewall-cmd --permanent --zone=public --add-port=${*port}/tcp
            firewall-cmd --permanent --zone=public --add-port=${*port}/udp
            firewall-cmd --reload
        else
            echo -e "[${yellow}Warning${plain}] firewalld looks like not running or not installed, please enable port ${*port} manually if necessary."
        fi
    fi
    echo -e "[${green}Info${plain}] firewall set completed..."
}

# Install *
install(){
    # Install libsodium
    if [ ! -f /usr/lib/libsodium.a ]; then
        cd ${cur_dir}
        tar zxf ${libsodium_file}.tar.gz
        cd ${libsodium_file}
        ./configure --prefix=/usr && make && make install
         ]; then
            echo -e "[${red}Error${plain}] libsodium install failed!"
            install_cleanup
            exit
        fi
    fi

    ldconfig
    # Install *
    cd ${cur_dir}
    unzip -q *-master.zip
     ];then
        echo -e "[${red}Error${plain}] unzip *-master.zip failed! please check unzip command."
        install_cleanup
        exit
    fi

    cd ${cur_dir}/*-master
    python setup.py install --record /usr/local/*_install.log

    if [ -f /usr/bin/ssserver ] || [ -f /usr/local/bin/ssserver ]; then
        chmod +x /etc/init.d/*
        if check_sys packageManager yum; then
            chkconfig --add *
            chkconfig * on
        elif check_sys packageManager apt; then
            update-rc.d -f * defaults
        fi
        /etc/init.d/* start
    else
        echo
        echo -e "[${red}Error${plain}] * install failed! please visit https://teddysun.com/342.html and contact."
        install_cleanup
        exit
    fi

    clear
    echo
    echo -e "Congratulations, *-python server install completed!"
    echo -e "Your Server IP        : \033[41;37m $(get_ip) \033[0m"
    echo -e "Your Server Port      : \033[41;37m ${*port} \033[0m"
    echo -e "Your Password         : \033[41;37m ${*pwd} \033[0m"
    echo -e "Your Encryption Method: \033[41;37m ${*cipher} \033[0m"
    echo
    echo "Welcome to visit:https://teddysun.com/342.html"
    echo "Enjoy it!"
    echo
}

# Install cleanup
install_cleanup(){
    cd ${cur_dir}
    rm -rf *-master.zip *-master ${libsodium_file}.tar.gz ${libsodium_file}
}

# Uninstall *
uninstall_*(){
    printf "Are you sure uninstall *? (y/n) "
    printf "\n"
    read -p "(Default: n):" answer
    [ -z ${answer} ] && answer="n"
    if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
        >&
         ]; then
            /etc/init.d/* stop
        fi
        if check_sys packageManager yum; then
            chkconfig --del *
        elif check_sys packageManager apt; then
            update-rc.d -f * remove
        fi
        # delete config file
        rm -f /etc/*.json
        rm -f /var/run/*.pid
        rm -f /etc/init.d/*
        rm -f /var/log/*.log
        if [ -f /usr/local/*_install.log ]; then
            cat /usr/local/*_install.log | xargs rm -rf
        fi
        echo "* uninstall success!"
    else
        echo
        echo "uninstall cancelled, nothing to do..."
        echo
    fi
}

# Install *-python
install_*(){
    disable_selinux
    pre_install
    download_files
    config_*
    if check_sys packageManager yum; then
        firewall_set
    fi
    install
    install_cleanup
}

# Initialization step
action=$
[ -z $ ] && action=install
case "$action" in
    install|uninstall)
        ${action}_*
        ;;
    *)
        echo "Arguments error! [${action}]"
        echo "Usage: `basename $0` [install|uninstall]"
    ;;
esac

手动方法

各个发行版的安装方法大同小异,先说python原版

首先你得有个pip

#Debian / Ubuntu下:
apt-get install python-pip
pip install *

#CentOS下:
yum install python-setuptools && easy_install pip
pip install *

#手动安装
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python get-pip.py

通过pip安装ss

sudo pip install *

出错的可以手动下载

#此页面下载
https://pypi.python.org/pypi/*

#解压安装
.tar.gz
python setup.py install

使用

#前台运行
ssserver -p  -k password -m aes--cfb

#如果要后台运行:
 -k password -m aes--cfb --user nobody -d start

#如果要停止:
sudo ssserver -d stop

#如果要检查日志:
sudo less /var/log/*.log

#通过脚本运行
sudo ssserver -c /etc/*.json -d start

#脚本这么写
{
  "server": "0.0.0.0",
  ,
  "password": "password",
  "method": "aes-256-cfb"
}

然后就是设置防火墙

firewall-cmd --zone=public --add-port=/tcp --permanent
firewall-cmd --zone=public --add-port=/udp --permanent
firewall-cmd --reload

#或者是

iptables -I INPUT -p tcp -m tcp --dport  -j ACCEPT
iptables -I INPUT -p udp -m tcp --dport  -j ACCEPT
service iptables save
service iptables restart

libev版大同小异,大部分发行版已经有libev,直接安装就可以

客户端,可以用screen后台运行

ss-local -s 服务器地址 -p 服务器端口 -l 本地端端口 -k 密码 -m 加密方法

或者写json

ss-local -c /etc/*-libev/config.json
{
    "server":"remote-*-server-ip-addr",
    ,
    "local_address":"127.0.0.1",
    ,
    "password":"your-passwd",
    ,
    "method":"aes-256-cfb",
    "fast_open":false,

}

写到上边的默认配置后可以不加参数直接ss-local,另外刚安装号后systemctl看一下ss的服务端是否运行,stop并disable掉


博客园  多个Linux发行版安装ss服务端

enjoy it


上一篇:CentOS 7.4安装telnet服务端


下一篇:TinyOS和Deluge的安装模拟(二)