I thought configuring GPG was a headache with sub-keys, revocation-certificates, key-servers,...
BUT ssh?! 
I mean, ssh user@host -- get it. Easy peacy.
-- There are a quadtrillion config-files in /etc/ and $HOME/.ssh, ssh+sshd, ssha, certificates,..... 
The more I want to dig into a topic (even if it's a simple thing like ssh), the more I feel overwhelmed by the tremendous deepness of the topic.
Soo... time to dig deeper into a relatively new topic for me :)) 
@simpletech
For start checkout public key authentication, don't enable root login, change port to something other than 22 and if you are only person which connects to server check out also IP whitelisting. SSH config file is located in /etc/ssh/sshd_config. IP whitelisting can be done with /etc/hosts.allow and /etc/hosts.deny but there are other ways to do it, fail2ban is one of them
@nikolal thank you for your help! I'm trying to connect to my home-server (a small raspi) via public-key authentication but: step-by-step. I don't even know YET how to configure it in a secure way :)
It's always the same: you don't know anything, you are frustrated, you try it, again and again, it works... or it doesn't... you are frustrated... but then it works (somehow!) 
@simpletech I also use ssh to connect to my home raspberry pi, if you need anything feel free to ask me