SSH is the only way one should be connecting a remote shell to their Linux machines. SSH can provide remote shells, secure FTP (SFTP) and functions nicely as a tunnel for rsync. SSH comes with every distribution, 99% anyways, is easy to setup and provides excellent security. This article speaks about OpenSSH 4.2, other implementations exist.
The sshd daemon provides the server portion of SSH; it's configuration is usually located at /etc/ssh/sshd_config.
Distributions vary on the defaults in here, some support protocol one and two, some only two.
Regardless of your distribution below are relevant portions of a fairly tightend server with inline comments.
Noteably root is denied, passwords are disabled and groups are restricted.
Read man sshd_config.
# limit protocol and listen address Protocol 2 ListenAddress 1.2.3.4 # restrict logins LoginGraceTime 1m MaxAuthTries 3 PermitRootLogin no PasswordAuthentication no UsePAM yes AllowUsers sshd_user_a sshd_user_b DenyUsers * AllowGroups sshd_users wheel PrintMotd yes UseDNS yes # disable if not needed # Subsystem sftp /usr/lib/misc/sftp-server # If you can limit this it might be a good idea MACs hmac-md5
SSH can automatically authenticate connections when the client presents an authorized key. A client gives it's public key to a server and then when it connects the server knows it's allowed in and automatically allows the connection. The Keys are specific to users, so a key for user_a will not let user_b in.
If the keys don't exists already you must create them.
Look in your ~/.ssh for files called id_rsa and id_rsa.pub.
If those files don't exist say ssh-keygen -b 2048 -t rsa to create them.
Copy id_rsa.pub to the server then append that to ~/.ssh/authorized_keys
In the Creo section we have a script to automate this process.
Optionally you can use a DSA key, simply replace `rsa` with `dsa` above.