If you see

Unable to negotiate with 87.106.152.115 port 22: no matching host key type found. Their offer: ssh-dss
you can workaround via
Host your-host
    HostkeyAlgorithms +ssh-dss
see http://stackoverflow.com/questions/34208495/unable-to-negotiate-with-xx-xxx-xx-xx-no-matching-host-key-type-found-their-of for more.

Login via Key

To authorise yourself to login via key

as user@client
ssh-keygen -t rsa
cd .ssh
cat id_rsa.pub | ssh target-user@target-host 'cat >> .ssh/authorized_keys'
To enable user/pass only on local subnet (from ubuntuforums):
# require a key for everybody
PasswordAuthentication no

# anybody from subnet 192.168.0.0/16 (that is, 192.168.3.x, 192.168.5.x, etc.)
# can login with user/pass
Match Address 192.168.0.0/16
    PasswordAuthentication yes
And to restrict this user/pass login to those with a certain key
# require a key for everybody
PasswordAuthentication no

# any member of the group 'canpass' can log in with user/pass
# while connecting from the subnet 
Match Address 192.168.0.0/16 Group canpass
    PasswordAuthentication yes
Note that nonroutable subnets take the form 192.168.x.y, 172.a.x.y where a ranges from 16 to 31, or 10.x.y.z (see https://en.wikipedia.org/wiki/Private_network)

Ssh Keygen

cd .ssh
ssh-keygen.exe -t rsa
cat id_rsa.pub | ssh hostname.goes.here 'cat >> .ssh/authorized_keys'
ssh hostname.goes.here