1,首先设置服务端与客户端。
服务端:192.168.109.133
客户端:192.168.109.132
2,修改ssh服务的端口号(在配置文件中将 #Port 22 取消注释,并改为要使用的端口号)
[root@server ~]# vim /etc/ssh/sshd_config
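关闭服务端的防火墙和SELinux(仅建议在实验环境中这样做;生产环境应保持二者开启,改为用 firewall-cmd 放行新端口,并用 semanage port -a -t ssh_port_t -p tcp <端口号> 为新端口添加SELinux标签)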
[root@server ~]# systemctl stop firewalld #关闭防火墙
[root@server ~]# setenforce 0 #将SELinux临时切换为Permissive(宽容)模式,0为Permissive,1为Enforcing
[root@server ~]# getenforce #查看当前状态
Permissive
[root@server ~]# systemctl restart sshd #修改配置文件后需要重启sshd才能生效
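3,拒绝root用户远程登录(在配置文件中将 PermitRootLogin 设为 no 并重启sshd。注意:第5步的示例以root身份登录,设为no后该登录会被拒绝,需改用普通用户;若只想禁止root用密码登录而保留密钥登录,可设为 prohibit-password)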
[root@server ~]# vim /etc/ssh/sshd_config
4,允许特定用户ssh登录,其他用户无法登录(在 sshd_config 中添加 AllowUsers 用户名,多个用户以空格分隔,保存后重启sshd)
5,公钥验证 免密登录
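1.客户端生成一对公私钥(下面在passphrase提示处直接回车,即私钥不设口令;这样任何拿到 /root/.ssh/id_rsa 的人都能直接登录服务端,需妥善保管该文件,也可以设置口令并配合 ssh-agent 使用)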
[root@client ~]# ssh-keygen -t rsa #--生成非对称秘钥,-t指定算法,rsa一种非对称算法 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): #enter默认在该文件下创建 Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): #免密登录直接回车 Enter same passphrase again: #再次确认直接enter Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:PxURTLA772Rf9iskfzhSNIMn/n/EV9eBbPoWQkS/PBA root@client The key's randomart image is: +---[RSA 3072]----+ | +E=.. | | o+= . | | o.=. o| | *oB. +| | S + B++.o| | . * =. +| | o @ ..+| | * B +o| | o *o+| +----[SHA256]-----+
2.查看创建的公私钥文件
[root@client ~]# ll .ssh/ total 8 -rw-------. 1 root root 2610 Jan 9 15:56 id_rsa#私钥 -rw-r--r--. 1 root root 576 Jan 9 15:56 id_rsa.pub #公钥
3.将公钥发送给服务端
[root@client ~]# ssh-copy-id 192.168.109.133 #把当前主机的.ssh/id_rsa.pub追加到133主机的~/.ssh/authorized_keys
或
#scp .ssh/id_rsa.pub 192.168.10.130:/root/.ssh/authorized_keys #注意:此处地址需替换为实际的服务端地址;scp会覆盖服务端已有的authorized_keys,其中原有的公钥会丢失,推荐优先使用ssh-copy-id
4.查看服务端是否收到公钥信息
[root@server ~]# ll .ssh/ 总用量 4 -rw-------. 1 root root 565 1月 18 10:44 authorized_keys
5.验证:发起ssh连接,不再需要输入密码
[root@client ~]# ssh 192.168.109.133 [root@server ~]#