- Change the default port
I could do that, but if they already know about it, a simple port scan and they'll probably find it again. Plus I gotta go tell all my client programs the new port and I don't know how to do that on most of them (what a hassle).
If you're talking about people who are just scanning your machine and then doing brute force on the port, changing the port likely will solve that since these are just automated robots. A human might actually do a portscan, but just a port change will probably stop your security logs from going crazy.
Of course the hassle part may be a show-stopper here. :)
- use only SSH protocol 2
got it.
- Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts
The only software I know that could do this isn't supported anymore (trisentry) or is too confusing and I don't know it yet (snort). Suggestions?
denyhosts is pretty widely used. You could probably also make use of iptables.
- ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain
Yeah, my home account is on a dynamic IP. I'd love to set up the firewall to only allow my home computer. You're talking about these guys? http://www.dyndns.com/ Never used them before, but it looks like a good idea. Especially since it's free (for 5 hosts) if I read correctly.
Ray
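As an added illustration of the "ban an IP after N failed logins" suggestion (this is example code written for this page, not anything from the thread or from denyhosts itself), the script below does the core of what denyhosts and similar tools do: it tallies OpenSSH "Failed password" lines per source address and turns repeat offenders into iptables rules. The log lines are constructed samples using RFC 5737 documentation addresses, the threshold is passed as an argument, and the rules are printed rather than applied so the script needs no root. The sshd_config fragment at the end collects the other suggestions from the thread; ALLOWED_HOST is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Mimics the denyhosts idea: count failed
# SSH logins per source IP from an OpenSSH auth log and emit drop rules for
# addresses at or above a threshold. Rules are printed, not executed.

# Constructed sample auth log lines (RFC 5737 documentation addresses).
SAMPLE_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Mar  1 10:00:02 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Mar  1 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar  1 10:00:04 host sshd[1004]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar  1 10:00:05 host sshd[1005]: Failed password for root from 203.0.113.5 port 4005 ssh2
Mar  1 10:00:06 host sshd[1006]: Failed password for ray from 198.51.100.7 port 5001 ssh2
Mar  1 10:00:07 host sshd[1007]: Accepted publickey for ray from 192.0.2.10 port 6001 ssh2
Mar  1 10:00:08 host sshd[1008]: Failed password for ray from 198.51.100.7 port 5002 ssh2'

# count_failed_logins LOG THRESHOLD
# Prints "ip count" for every source IP with at least THRESHOLD failures.
# Only "Failed password" lines are counted; accepted logins are ignored.
count_failed_logins() {
  printf '%s\n' "$1" \
    | grep 'sshd\[[0-9]*\]: Failed password' \
    | sed -n 's/.* from \([0-9][0-9.]*\) port .*/\1/p' \
    | sort | uniq -c \
    | awk -v t="$2" '$1 >= t { print $2, $1 }'
}

# ban_rules LOG THRESHOLD
# Turns the offender list into iptables commands (printed, not run, so this
# can be reviewed before being applied with root privileges).
ban_rules() {
  count_failed_logins "$1" "$2" | while read -r ip count; do
    printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP  # %s failures\n' "$ip" "$count"
  done
}

# sshd_config lines matching the thread's other suggestions. ALLOWED_HOST is a
# placeholder for a static IP or DynDNS hostname; 2222 is an arbitrary port.
sshd_config_fragment() {
  printf 'Protocol 2\nPort 2222\nPermitRootLogin no\nAllowUsers ray@ALLOWED_HOST\n'
}

ban_rules "$SAMPLE_LOG" 5
sshd_config_fragment
```

Running it with threshold 5 reports only 203.0.113.5; 198.51.100.7 has two failures and is left alone, which is the reason for a threshold in the first place (a typo'd password should not lock you out). Note that a hostname-based rule for a DynDNS address has to be re-resolved whenever the home IP changes, so in practice it is refreshed from a periodic job rather than set once.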