It shocks me how many otherwise intelligent people leave port 22 wide open on their machines. In case you didn't know, this is the default port for ssh -- an widely used method of making connections to a machine from remote locations.
- Generate your public/private key pair
- Install the keys on the machines you are going to use to access the server
- Modify your ssh server's config file to require known keys
- Restart your server
Subsystem sftp /usr/libexec/openssh/sftp-server
This is a bare minimum. Note the items in red:
- your public key must exist in /home/yourhomedirectory/.ssh/id_rsa.pub
- ChallengeResponseAuthentication disables simple username/passwords to log on
- AllowUsers is another safety check -- only users who exist here will be able to log in regardless as to what keys they have.