为什么我的 sshd_config 文件中的设置除了其中一个之外没有被应用？

sshd_config我正在尝试通过更改系统文件中的几个设置来保护我的 Linux 机器。以下是sshd_config文件：

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel VERBOSE

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 3
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

首先，我不想允许 root 登录，因此我将该设置更改为no。然后我将最大登录尝试次数从 6 次减少到 3 次（这是有效的方法）。最后，我禁用通过密码登录的选项，而是要求输入私钥。但是，当我尝试运行ssh root@localhost以测试更改时，您可以从下面的输出中看到，实际上没有应用任何内容：

ssh root@localhost             
root@localhost's password: 
Permission denied, please try again.
root@localhost's password: 
Permission denied, please try again.
root@localhost's password: 
root@localhost: Permission denied (publickey,password)

以下是输出cat /var/log/syslog | grep ssh（整个文件大约有 13000 行，我很确定其中包含敏感信息，因此我只包含了 ssh 部分）。在创建此日志时​​，日志级别设置为信息。我刚刚改成了冗长但下面的日志不是冗长：

Feb 20 14:34:32 kali systemd[1022]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 20 19:38:20 kali systemd[1513]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 20 19:38:20 kali gpg-agent[1620]: using fd 3 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 20 19:38:20 kali gpg-agent[1620]: listening on: std=6 extra=4 browser=5 ssh=3
Feb 20 19:38:20 kali gpg-agent[1623]: using fd 3 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 20 19:38:20 kali gpg-agent[1623]: listening on: std=6 extra=4 browser=5 ssh=3
Feb 20 19:38:29 kali systemd[1022]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 20 19:54:46 kali systemd[9539]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 20 19:59:43 kali systemd[9539]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 21 14:36:16 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 21 14:36:23 kali systemd[1013]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 21 14:36:35 kali systemd[1160]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 21 14:36:36 kali gpg-agent[1269]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 21 14:36:36 kali gpg-agent[1269]: listening on: std=6 extra=5 browser=3 ssh=4
Feb 21 14:36:36 kali gpg-agent[1272]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 21 14:36:36 kali gpg-agent[1272]: listening on: std=6 extra=5 browser=3 ssh=4
Feb 21 14:36:44 kali systemd[1013]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 21 21:02:14 kali systemd[27772]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 18:53:51 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 22 18:53:58 kali systemd[1009]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 18:54:18 kali systemd[1162]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 18:54:19 kali gpg-agent[1276]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 18:54:19 kali gpg-agent[1276]: listening on: std=3 extra=4 browser=5 ssh=6
Feb 22 18:54:19 kali gpg-agent[1279]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 18:54:19 kali gpg-agent[1279]: listening on: std=3 extra=4 browser=5 ssh=6
Feb 22 18:54:26 kali systemd[1009]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 18:56:51 kali dbus-daemon[3256]: [session uid=0 pid=3254] Activating service name='org.freedesktop.portal.Desktop' requested by ':1.0' (uid=0 pid=3250 comm="gedit /etc/ssh/sshd_config ")
Feb 22 18:56:51 kali dbus-daemon[3256]: [session uid=0 pid=3254] Activating service name='ca.desrt.dconf' requested by ':1.0' (uid=0 pid=3250 comm="gedit /etc/ssh/sshd_config ")
Feb 22 19:13:05 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 19:15:03 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 19:16:59 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 19:18:52 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 19:20:08 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 22 19:20:13 kali systemd[945]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 19:20:25 kali systemd[1096]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 19:20:26 kali gpg-agent[1203]: using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 19:20:26 kali gpg-agent[1203]: listening on: std=4 extra=6 browser=3 ssh=5
Feb 22 19:20:26 kali gpg-agent[1206]: using fd 5 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 19:20:26 kali gpg-agent[1206]: listening on: std=4 extra=6 browser=3 ssh=5
Feb 22 19:20:35 kali systemd[945]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 19:28:55 kali dbus-daemon[4386]: [session uid=0 pid=4384] Activating service name='org.freedesktop.portal.Desktop' requested by ':1.0' (uid=0 pid=4380 comm="gedit /etc/ssh/sshd_config ")
Feb 22 19:28:55 kali dbus-daemon[4386]: [session uid=0 pid=4384] Activating service name='ca.desrt.dconf' requested by ':1.0' (uid=0 pid=4380 comm="gedit /etc/ssh/sshd_config ")
Feb 22 19:53:22 kali systemd[24743]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 20:14:28 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 22 20:14:34 kali systemd[947]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 20:16:59 kali systemd[1385]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 20:17:00 kali gpg-agent[1493]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 20:17:00 kali gpg-agent[1493]: listening on: std=6 extra=5 browser=3 ssh=4
Feb 22 20:17:00 kali gpg-agent[1496]: using fd 4 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 22 20:17:00 kali gpg-agent[1496]: listening on: std=6 extra=5 browser=3 ssh=4
Feb 22 20:17:09 kali systemd[947]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 22 20:23:52 kali dbus-daemon[4653]: [session uid=0 pid=4651] Activating service name='org.freedesktop.portal.Desktop' requested by ':1.0' (uid=0 pid=4647 comm="gedit /etc/ssh/sshd_config ")
Feb 22 20:23:52 kali dbus-daemon[4653]: [session uid=0 pid=4651] Activating service name='ca.desrt.dconf' requested by ':1.0' (uid=0 pid=4647 comm="gedit /etc/ssh/sshd_config ")
Feb 22 20:25:04 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 20:52:06 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 22 21:04:36 kali systemd[16788]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 09:00:30 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 23 09:00:37 kali systemd[1012]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 09:00:55 kali systemd[1095]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 09:00:56 kali gpg-agent[1203]: using fd 3 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 23 09:00:56 kali gpg-agent[1203]: listening on: std=4 extra=5 browser=6 ssh=3
Feb 23 09:00:56 kali gpg-agent[1206]: using fd 3 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 23 09:00:56 kali gpg-agent[1206]: listening on: std=4 extra=5 browser=6 ssh=3
Feb 23 14:01:06 kali systemd[1012]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 14:09:43 kali systemd[1]: Regenerate SSH host keys was skipped because of a failed condition check (ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key).
Feb 23 14:09:49 kali systemd[1006]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 14:10:20 kali systemd[1383]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 14:10:21 kali gpg-agent[1491]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 23 14:10:21 kali gpg-agent[1491]: listening on: std=4 extra=3 browser=5 ssh=6
Feb 23 14:10:21 kali gpg-agent[1494]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Feb 23 14:10:21 kali gpg-agent[1494]: listening on: std=4 extra=3 browser=5 ssh=6
Feb 23 14:10:29 kali systemd[1006]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Feb 23 14:12:56 kali systemd[1]: ssh.service: Deactivated successfully.
Feb 23 14:13:11 kali systemd[1]: ssh.service: Deactivated successfully.

允许 root 登录并要求输入密码。我的sshd_config文件的位置是/etc/ssh/sshd_config，这对我来说是一个奇怪的位置，因为我认为它应该位于普通用户的主目录中（例如$HOME/.ssh/sshd_config）。也许这与此有关？有人能帮助我理解这里的问题并提出解决方案吗？

编辑：@mashuptwice 指出 root 登录提示是一项功能，并且按预期工作。但是，即使我禁用了密码验证，当我尝试以普通用户身份登录时，我仍可以使用我的密码。以下是我运行时发生的输出ssh <username>@localhost：

ssh johnmap007@localhost
johnmap007@localhost's password: 
Linux kali 5.16.0-kali1-amd64 #1 SMP PREEMPT Debian 5.16.7-2kali1 (2022-02-10) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Feb 23 15:12:59 2022 from ::1

Warning: PATH set to RVM ruby but GEM_HOME and/or GEM_PATH not set, see:
    https://github.com/rvm/rvm/issues/3212

┌──(johnmap007㉿kali)-[~]
└─$