I have read through three pages of information on the basic configuration of ssh server, and it seems straightforward enough, but I have a nagging question they don't seem to address (I will keep looking, of course, but perhaps you can accelerate the pace of my study by pointing me to a resource that addresses my specific questions).
I will certainly be disabling login as root via ssh (though there is a question related to that, and that is, does that also prevent the user from using sudo to gain root privileges, and if not, how can that be limited also - NB: I am just beginning to study creation of new users in Ubuntu and how I can restrict certain users to a tiny sandbox, as it were - so even when a user gets in, he can't go exploring to see what else is on the LAN), and changing the port it uses to some random port number greater than 3000.
But, for my main question, my impression is that I can choose between public key/private key login or password login, but there is nothing said about whether or not they can be combined.
The question is this. Can I use the public key/private key capability to permit a connection between my machine and only certain remote machines, and then use a username/password combination to require the user of that remote machine to prove he is the one user of that remote machine authorized to connect to my machine? If so, how do I do this? And related to this, how can I enforce a certain strength of password, as well as, say, 4096 RSA keys, to be required of users connecting remotely?