Authentication keys are a great first step in securing a server against brute force attacks. If password authentication is disabled, no one can really guess the password. Setting up authentication keys for ssh is a simple process.
On the server, edit the sshd_config file to include the line
PubkeyAuthentication yes
Restart sshd:
kill -HUP $(cat /var/run/sshd.pid)
On the client machine, use ssh-keygen to create your preferred type of public/private keys. I use DSA keys in this example.
user@client:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
00:34:70:52:50:0a:8a:ef:24:9f:8a:10:aa:8f:ef:a0 user@client
Copy the key to the server.
user@client:~/$ scp /home/user/.ssh/id_dsa.pub server:~/
On the server, add id_dsa.pub's contents to the file ~/.ssh/authorized_keys.
user@server:~/$ cat id_dsa.pub >> .ssh/authorized_keys
user@server:~/$ chmod 400 .ssh/authorized_keys
Now when you SSH to the server from that client, you should not be asked for a password. The `chmod` is needed to secure the file to OpenSSH's liking.
As a final step, explicitly disable password authentication for SSH in sshd_config with the line
PasswordAuthentication no
Restart sshd as above, and you're now secure from password cracking attempts over ssh. Note that you should still limit attackers' ability to even connect using your hosts.deny and hosts.allow files, but that's a discussion for another day.
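As an added example (not part of the original post), the following shell script checks a constructed sshd_config for the end state described above: it resolves each keyword the way sshd does (comments ignored, keywords case-insensitive, first uncommented occurrence wins, so a duplicate line appended at the bottom does not override an earlier one) and reports whether password logins are actually off. The SAMPLE_CONFIG text, the function names and the assumption of no Match blocks are mine.

```shell
#!/bin/sh
# Constructed sshd_config fragment (not a real server's file). It carries the
# commented-out default, a duplicated PasswordAuthentication keyword and mixed
# case, the three things that make eyeballing the file unreliable.
SAMPLE_CONFIG='# sshd_config (constructed sample)
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
passwordauthentication no
AuthorizedKeysFile .ssh/authorized_keys'

# effective_value CONFIG_TEXT KEYWORD
# Prints the value sshd will use for KEYWORD: comments and blank lines are
# ignored, keywords are case-insensitive, and the FIRST uncommented occurrence
# wins (later duplicates are silently ignored). Prints nothing if absent.
# Assumes the plain "Keyword value" form and no Match blocks.
effective_value() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/ { next }                     # skip blanks and comments
        tolower($1) == key   { print tolower($2); exit }  # first match wins
    '
}

# keys_only_auth CONFIG_TEXT
# Succeeds (exit 0) only when the config matches the end state of the post:
# public-key authentication on and password authentication explicitly off.
keys_only_auth() {
    pub=$(effective_value "$1" PubkeyAuthentication)
    pw=$(effective_value "$1" PasswordAuthentication)
    [ "$pub" = "yes" ] && [ "$pw" = "no" ]
}

# Hardened copy: flip the first (effective) PasswordAuthentication line to "no".
FIXED_CONFIG=$(printf '%s\n' "$SAMPLE_CONFIG" |
    sed 's/^PasswordAuthentication yes$/PasswordAuthentication no/')

if keys_only_auth "$SAMPLE_CONFIG"; then
    echo "sample config: key-only login enforced"
else
    echo "sample config: password logins STILL accepted (first match wins)"
fi
if keys_only_auth "$FIXED_CONFIG"; then
    echo "fixed config: key-only login enforced"
fi
```

On a live host, `sshd -T` prints the effective configuration after all parsing, which is the authoritative check to run before trusting the file.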