Reason
Recently, I purchased a new server to try something new. First, I want to achieve password-free login (i.e. user key login). Then, I don't want to use root login, so I searched through a lot of material on the Internet, and now summarize some of it for myself to fumble around with in the future.
These notes are for myself; don't come looking for me if you can't understand them.
Steps
1. Add a new user
Add a new user first, or you won't be able to log in to the server after root is blocked, haha!
Create user command: adduser admin
Set user password command: passwd admin
2. Prohibit root remote login
Prohibiting root remote login only requires modifying one file, /etc/ssh/sshd_config.
Modify the content to PermitRootLogin no. If the line is commented out, uncomment it before modifying it. Save and exit (note that root privileges are required to modify the file).
Restart the sshd service: service sshd restart
3. Set up new users to log on with an ssh key
This part is taken from the post "Remote login to Linux host using SSH service".
The first step is to generate a key pair on the client host. Search for the specific command
Second, modify the server host ssh configuration file so that it only allows key validation and specifies the location of the public key data file.
Modify the configuration file (/etc/ssh/sshd_config) as the root administrator:
vim /etc/ssh/sshd_config
# Enable key pair validation
PubkeyAuthentication yes
# Specify the public key data file
AuthorizedKeysFile .ssh/authorized_keys
The third step is to transfer the public key file generated in the client host to the server host.
[zhangsan@RedHat7-2 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub lisi@192.168.10.70   # Upload the public key file to the server
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lisi@192.168.10.70's password:   # Enter the password for the lisi user on the server
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'lisi@192.168.10.70'"
and check to make sure that only the key(s) you wanted were added.

[lisi@RedHat7-1 ~]$ tail -1 ~/.ssh/authorized_keys   # Display the public key file contents
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/p8OHTUBJMKqJbxxwUiNJvKVHv8KSMywr tFB3BEsC02MyU29NKXkGUVM/lC++7b/bK1j/xVg6gJXqCHk2lNrMk/jHjvR6qR7aLYhzWlCa oDW0/Df9V9nrJNIg82DbXHUziwe6WoR9l+pzzQqYyI1Yq0iPTD4VZM5T94wRMX4taSgO8EQ umWEeGtoHX/vgklapyMaG3ncA4SBxC0G4JUHo3q2KAfJ4eECrZ9LBwVsPq+4exlzDSeXmGh aZO+VGo6Kbp7Q6ReA5U1YUbfsa9nKyAexiKxyzaGMXzBEri/aXGUpDibBWzRT4JDocF7PV wHr+sshYqt4ULdG0wj91SK+D zhangsan@RedHat7-2

[lisi@RedHat7-1 ~]$ ls -l ~/.ssh/authorized_keys   # View the public key file
-rw-------. 1 lisi lisi 400 5 23/04:07 /home/lisi/.ssh/authorized_keys

Note: the public key file must not be writable by any other user (in the listing above only the owner, lisi, can read and write it).
Step 4, Restart the sshd service program
service sshd restart
Step 5, Validate using a key pair on the client host
Just log in here from your own command-line client.
4. Prevent other users from logging on with passwords
At this point, the new user can still log on with a password. Password login needs to be prohibited so that only key login is possible.
Note: Before executing the following commands, make sure you can log in with your key, otherwise you will not be able to log in after you exit.
The following file also needs to be edited:
/etc/ssh/sshd_config
The line you need to modify is:
# Change yes to no; if the line is commented out, uncomment it first
PasswordAuthentication no
Restart the sshd service:
service sshd restart
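A check for the three settings changed in steps 2 to 4, written here as an added example (it is not part of the original notes). The function names sshd_value and audit_sshd and the sample configuration are constructed for illustration; the script reads the first active value of each keyword, which is the one sshd uses.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings changed in steps 2-4.

# Print the first active (uncommented) value of keyword $1 in file $2.
# sshd keeps the first value it reads for a keyword, and lines after the
# first "Match" line are conditional, so the scan stops there.
# Assumes "Keyword value" lines separated by whitespace.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }        # end of the global section
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Return 0 when the file matches the hardening steps, 1 otherwise.
audit_sshd() {
    file=$1 rc=0
    root=$(sshd_value PermitRootLogin "$file")
    pub=$(sshd_value PubkeyAuthentication "$file")
    pass=$(sshd_value PasswordAuthentication "$file")
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', want 'no'"; rc=1; }
    # PubkeyAuthentication defaults to yes, so only an explicit "no" is a problem.
    [ "$pub" != "no" ] || { echo "PubkeyAuthentication is 'no', keys cannot log in"; rc=1; }
    [ "$pass" = "no" ] || { echo "PasswordAuthentication is '${pass:-unset}', want 'no'"; rc=1; }
    return $rc
}

# Constructed sample: steps 2 and 3 are done, step 4 was edited on a line
# that is still commented out, so password login remains enabled.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_sshd "$demo" || echo "not hardened yet"
rm -f "$demo"
```

On the server itself, run audit_sshd /etc/ssh/sshd_config as root; sshd -t checks the file for syntax errors before the restart, and keeping the current session open while testing key login from a second terminal avoids a lockout.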
End here