sftp key based authentication?

in 2018 its bad practice to expose SSH/SFTP to the wide open internet on default ports

also in 2018 it is even worse to use password auth

need to allow for people who use public/private SSH keys to login as well