I would recommend moving sshd to listen on another higher, random
port. e.g. 12345.
I'm not a fan of changing the port of ssh (or any other service) just to
avoid attack. You will find you can't ssh out of some locations that have
restricted the outbound services.
Also, make use of the ssh config file to limit incoming connections
to known IP addresses.
Definiately true if you are sure that you'll never want to ssh from
another location.
And best of all, require the use of sshe keys to login, not
passwords.
Absolutely. I strongly encourage all users to move to key authentication
for ssh. A private key can be carried on a usb stick.
Rob
--
Robert Brockway B.Sc. Phone: +1-905-821-2327
Senior Technical Consultant Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd Email: support [ at ] opentrend [ dot ] net
Web: www.opentrend.net
We are open 24x365 for technical support. Call us in a crisis.