Configuring SSH

generate keys by command ssh-keygen -t rsa and then follow the default configuration.

Generating public/private rsa key pair.  
Enter file in which to save the key (/home/example/.ssh/id\_rsa):  
Created directory '/home/example/.ssh'.  
Enter passphrase (empty for no passphrase):  
Enter same passphrase again:  
Your identification has been saved in /home/example/.ssh/id\_rsa.  
Your public key has been saved in /home/example/.ssh/id\_rsa.pub.  
The key fingerprint is:  
5e:3f:6f:57:42:d0:b2:f5:aa:98:53:0f:20:5d:b0:2a example@example

it will generates 2 files in ~/.ssh (id_rsa and id_rsa.pub) id_rsa : it’s a private key ,should be protected. id_rsa.pub : it’s a public key

you can use command ssh-copy-id to copy the public key to another computer, or you can also use scp to copy the public key.

if server trust a client to access to SSH server without password (passwordless log-in).
1-server copy client’s public key to ~/.ssh/ ssh-copy-id or scp
2-change public key name into authorized_keys.
3- change it’s permission into 600 chmod 600 authorized_keys

To allow to run some X window programs such as Firefox on a remote computer.

edit sshd_config nano /etc/ssh/sshd_config   and check these options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Then connect to remote computer by command ssh -X username@server

don’t allow root login edit sshd_config nano/etc/ssh/sshd_config you will find #PermitRootLogin yes uncomment it and change it to no PermitRootLogin no

Add SSHD to TCP Wrapper to allow and deny hosts to connect to SSHD  edit /etc/hosts.allow or /etc/hosts.deny
Example:
to deny host 192.168.0.132 to connect to SSH server
nano /etc/hosts.deny
sshd : 192.168.0.132