Robert Spangler wrote on Tue, 25 Mar 2008 20:33:02 -0400:
> Is an option but a waste of time as a scanner will find the port it was moved to.
It's not a waste. Port scanning takes time, so, in general, those brute-force bots just try port 22. Only if someone really wants to hack you, and especially you, will they go any further. I changed the port on one of my machines because I had to provide SSH access from other nets as well. I have to admit I also reduced accessibility to a few hundred thousand IP numbers from two big providers. Since then (years ago) I haven't seen any brute-force attacks.
> The idea of only allowing for strict IP address is good but what if you are on the move?
If you have a static IP address, this is not a problem. You VPN into your home LAN and from there to the restricted machine.
Kai
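
Added example, not part of the original thread: one way to check, from existing sshd logs, what a source-IP allowlist like the one described above would drop, and which successful logins it would lock out (the "on the move" case). The CIDR ranges and log lines are constructed, using documentation address space as stand-ins for the provider networks.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist: documentation ranges standing in for the provider networks.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed sshd log lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar 25 20:01:11 host sshd[4111]: Failed password for root from 192.0.2.44 port 51234 ssh2
Mar 25 20:01:13 host sshd[4113]: Failed password for invalid user admin from 192.0.2.44 port 51240 ssh2
Mar 25 20:02:40 host sshd[4120]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 25 20:02:55 host sshd[4120]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 25 20:05:02 host sshd[4130]: Failed password for invalid user test from 203.0.113.200 port 60001 ssh2
Mar 25 20:09:30 host sshd[4140]: Accepted publickey for alice from 192.0.2.90 port 40100 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?\S+ from (\S+) port \d+"
)

def is_allowed(src, nets=ALLOWED_NETS):
    """True if the source address falls inside any allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as outside the allowlist
    return any(addr in net for net in nets)

def assess(log_text, nets=ALLOWED_NETS):
    """Split logged events by what the allowlist would have done with them."""
    dropped = Counter()        # failed logins the allowlist would have blocked
    still_exposed = Counter()  # failed logins from inside the allowed ranges
    locked_out = set()         # successful logins from outside the ranges
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, src = m.groups()
        inside = is_allowed(src, nets)
        if outcome == "Failed":
            (still_exposed if inside else dropped)[src] += 1
        elif not inside:
            locked_out.add(src)
    return dropped, still_exposed, locked_out

if __name__ == "__main__":
    dropped, still_exposed, locked_out = assess(SAMPLE_LOG)
    print("blocked by allowlist:", dict(dropped))
    print("still reaching sshd: ", dict(still_exposed))
    print("logins locked out:   ", sorted(locked_out))
```

Any address in the locked-out set is a login that would need another path, such as the VPN into the home LAN mentioned above, before the allowlist is enforced.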