@smac89
Last active May 10, 2020 07:59
Set up an SSH server with public key authentication. #ssh

Server

Create the user group and add the users you want to be part of this group:

sudo groupadd sshusers
sudo usermod -a -G sshusers <username>

Client

# Generate the key pair and set a passphrase when prompted
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_server_name

# Start an agent for this shell and load the private key into it
eval "$(ssh-agent)"
ssh-add ~/.ssh/id_rsa_server_name

Next, edit your ~/.ssh/config and add the following:

Host server_name
    User username
    # The address the server is listening on (doesn't have to be the same as server)
    HostName 192.168.0.225
    Port 1337
    # Offer only the key named below, not every key held by the agent
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa_server_name

Now copy the public key to your server:

ssh-copy-id -i ~/.ssh/id_rsa_server_name.pub server_name

Server

Setting up the SSH server

Edit /etc/ssh/sshd_config with the following configuration (back up the file first):

Port 1337
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
ListenAddress 192.168.0.225

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

# RSAAuthentication applies only to SSH protocol 1; OpenSSH 7.4 and later treat it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

UsePAM yes
AllowGroups sshusers
MaxStartups 2

Restart sshd:

sudo service sshd restart
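
To confirm that the running daemon actually picked up these settings, the following added example (not part of the original gist) compares `sshd -T`-style output against the values configured above. The function name `audit_sshd` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist): audit sshd's effective settings
# against the values configured above. On the server, feed it real output with:
#   sudo sshd -T | audit_sshd

# Expected keyword/value pairs, in the lowercase form `sshd -T` prints.
EXPECTED='port 1337
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
allowgroups sshusers'

# Reads `sshd -T`-style text on stdin, prints one line per mismatch, and
# returns 0 only if every expected keyword is present with the expected value.
audit_sshd() {
    effective=$(cat)
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$effective" |
            awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Constructed sample: a host configured as in this guide.
SAMPLE_GOOD='port 1337
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
allowgroups sshusers'

# Constructed sample: password logins still enabled and no AllowGroups line.
SAMPLE_BAD='port 1337
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_GOOD" | audit_sshd && echo "good sample: OK"
printf '%s\n' "$SAMPLE_BAD" | audit_sshd || echo "bad sample: drift detected"
```

Run it from a session that stays open while you test a second login, so a mismatch can be fixed before you lose access.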

Client

Now you can log in to the server with:

ssh server_name

If everything has been done well, you should not be prompted for a password and should simply find yourself logged in.
