I install ssh server on ip 192.168.0.2, I login as root and i generate rsa key, i specified passphase is test123, the file is stored as id_rsa. then in ssh server, i run ssh root@192.168.0.2 and enter my passphase test123. it said failed password, permission denied.

in my etc/ssh/sshd_config. i already specify Permitrootlogin=yes. why I still can't use ssh for root?

The correct syntax is
PermitRootLogin yes

Did you restart ssh server after making configuration changes.

Did you copy the public key to the server?

If you must login in as root which most will say is not a good idea (after you copy the key) use
PermitRootLogin prohibit-password

You do not appear to have transferred the server public key to the client.

When you generate a key on a SSH server, you actually generate a key pair. One is a private key that remains only on the server (think of this as a lock). The other is a public key that can be supplied to any client that wishes to connect to the server.
When a client tries to connect to the server, it needs to show that it has the public key. If the client does not have a key that matches the server private key (fits the lock), the connection is denied.

PS - Permitting root logins at all is considered a security risk. Better is to allow logins only for a normal user who can then escalate to root. Where absolutely required (e.g scripted remote backup), it is best to use a key without a passphrase.

1 members found this post helpful.

I concur with "allend" on all points.

Categorically speaking, always use certificates – with or without a passphrase – and do not permit "root" login.

Furthermore, strictly limit the number of users who are capable of escalating to "root." (That is to say, "members of the wheel group.") This is the "principle of least privilege." Minimize the number of users who are capable of walking into a telephone booth and flying out wearing ugly blue tights ... This maxim applies equally to Linux, MacOS, Windows, or any and every other operating system. Take full advantage of the system's ability to say "No." "Unless you must be an administrator, you aren't one."

And, never use user-names like "admin." Who's the one-and-only super-user on the machine? Why, "suzy-q" of course ... but you'd never guess that.