Tcpdump is a command-line packet analyser.
Monitor external traffic (i.e. not originating from subnet) with destination 192.168.1.123
sudo tcpdump -i eth0 "not src net 192.168.1.0/24 and dst host 192.168.1.123"
Monitor traffic from 192.168.1.123 going external (outside of subnet)
sudo tcpdump -i eth0 "dst host 192.168.1.123 and not src net 192.168.1.0/24"
SSH using public and private keys
I have made a guide here: Raspberry Pi: SSH using public and private keys