一、禁止 Root 直接登陆
1、新建登陆用户
[root@localhost ~]# useradd haolb
[root@localhost ~]# passwd haolb
Changing password for user haolb.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#
2、修改 sshd 配置文件,禁用root用户登录
vi /etc/ssh/sshd_config
# 修改内容
PermitRootLogin yes # 此处请留意 root 用户能否通过 SSH 登录,默认为yes。本人暂不禁用。
3、重启 sshd
systemctl restart sshd
4、登陆 通过 haolb 账号登陆后,再切换 root
su root
二、禁止 Root 密码登陆,只能通过 SSH key 登陆
1、生成 key
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8mOUzS3bGA/eF/cgY5KihOMtlnqHeVMXUm0qTBeSTRM root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| .+E+ |
| o.+.o |
| o o o |
| . ++oo |
| o o SoO.= o .|
| . = =.o.% o +.|
| =oo.+.+ + . .|
| o+.+. . . |
| .. o . |
+----[SHA256]-----+
[root@localhost ~]#
2、导入公钥
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
3、设置禁止密码登录
vim /etc/ssh/sshd_config
# 禁止密码登陆
PasswordAuthentication no
4、重启服务
systemctl restart sshd
5、本地 Windows 登陆
把私钥拷贝到本机上,Xshell 登陆
参考