If it is dangerous to allow root users to log in directly through a password, we usually do this: the root user is not allowed to log in directly, create a normal account, need to use root to switch through this ordinary account, it is very safe, but some people may feel trouble, such as when uploading files, Only through the ordinary account upload, upload after the change to the owner, but also with the MV command to move.
If you have the same problem with me, then the following content will be useful to you.
The first step is to create the user key, which I created through Xshell. Key type: RSA, key length: 2048 bits.
The second step is to add the public key generated by the first step to the/root/.ssh/authorized_keys file of the root account of the target server. (You may need to create the. SSH directory and the Authorized_keys file when you first add it, you need to be aware that setting the. SSH directory permissions to the 700,authorized_keys file is set to 600.) )
The third step is to modify the/etc/ssh/sshd_config file, find the Permitrootlogin, dismiss the comment if it is commented, and then change the yes or no to Without-password after it.
Finally, you can restart the SSH service.
This article is from the "Last Night Stars" blog, please make sure to keep this source http://yestreenstars.blog.51cto.com/1836303/1683224
Restrict root users to log on only through certificates