|Change port 22 to something non-standard
||Reduces your vulnerability surface dramatically by taking a well-known parameter out of the equation; not applicable if you have a general-purpose server. Security by obscurity? Yes. However, there are many script kiddies out there bombing port 22 wherever they find it.
||Conf.file etc\sshd_config: port
|Reduce the maximum number of concurrent unauthenticated con-
||Reduces your vulnerability surface by allowing a smaller number of potentially dangerous attacks simultaneously.
||Conf.file etc\sshd_config: MaxStartups (default 10)
|Turn off authentication by password. Use public key authentication instead.
||Eliminates the most widely used technique of potential attacks: cracking passwords.
||Conf.file etc\sshd_config: PasswordAuthentication no
|Restrict access by host
||Use your firewall settings to limit the hosts authorized for access
|Restrict access by user/group
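
An added example, not part of the original page: a small Python check of the three sshd_config keywords the table names (Port, MaxStartups, PasswordAuthentication). It relies on sshd's rules that the first value read for a keyword wins, that Port may repeat, and that settings after a Match line are conditional; the function names and the sample configs are constructed for illustration.

```python
# Added example: audit sshd_config text for the settings the table names.
DEFAULTS = {"maxstartups": "10", "passwordauthentication": "yes"}  # 10 as the page states

def effective_settings(config_text):
    """Return the global values sshd would use, plus any Match-block password override."""
    ports, first, in_match, match_pw = [], {}, False, False
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "match":
            in_match = True  # everything below is conditional, not global
        elif in_match:
            match_pw |= key == "passwordauthentication" and value.lower() == "yes"
        elif key == "port":
            ports.append(value)  # Port may be given several times
        elif key in DEFAULTS:
            first.setdefault(key, value)  # the first value read wins
    return {**DEFAULTS, **first, "port": ports or ["22"], "match_password": match_pw}

def audit(config_text):
    """List which of the table's recommendations the config does not meet."""
    s = effective_settings(config_text)
    findings = []
    if "22" in s["port"]:
        findings.append("Port: sshd still listens on 22")
    if int(s["maxstartups"].split(":")[0]) >= 10:
        findings.append("MaxStartups: not reduced below 10")
    if s["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication: passwords accepted globally")
    if s["match_password"]:
        findings.append("PasswordAuthentication: re-enabled inside a Match block")
    return findings

# Constructed sample configs, not taken from a real host.
WEAK = """#Port 2222
PasswordAuthentication yes
passwordauthentication no
"""
HARDENED = """Port 2222
MaxStartups 3
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "meets the table's recommendations")
```

In the WEAK sample the later `passwordauthentication no` has no effect because the earlier `yes` was read first, which is why the check reports passwords as still accepted.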