How to securely ssh into a machine at home over the internet
Your best bet is probably to run an SSH server on a non-default port, such as 2020. This prevents most attempts at brute force attacks from the web, as these bots tend to only look on default ports.
You are also going to need to assign the server a static IP address on the LAN, as it needs to be accessible at all times. You can set this in System Settings --> Network
. To prevent IP address conflicts, it's also advisable that you tell your DHCP server (the router in most cases) that this IP address is taken. The method varies by model, but there should be an area somewhere in the router configuration that lets you reserve IP addresses.
The reason for the static IP is that you need to set up port forwarding in your router setup. This allows connections from port to you external IP to be routed to that port on your server.
If your public IP address is dynamic, which it probably is, you're going to want to set up some sort of dynamic DNS service. My recommendation for this service is No-IP. It gives you a free sub-domain that always points to your public IP. This setup does require the installation of a program on an always-on machine on your LAN (called the DUC, provided by No-IP).
Once you have the SSH server set up how you want, SSH to it by entering
ssh user@remotehostip -p XXX
or by using whatever SSH/SFTP client you prefer.
If any of these sections need more detailed instructions, comment and I'll add them in.
If anyone else has trouble following, here is a chat room that has further/more detailed steps: http://chat.stackexchange.com/rooms/37251/discussion-between-homunculus-reticulli-and-zacharee1