To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.
SSH into server and login as root.
At command prompt type: pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
Code:
#Port 22 #Protocol 2, 1 #ListenAddress 0.0.0.0 #ListenAddress ::
Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number)
Uncomment and change
#Protocol 2, 1
to look like
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.
Now restart SSH
At command prompt type: /etc/rc.d/init.d/sshd restart[B]
Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.
[B]Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.