Hi, the more completely you lock down a server, the harder it will be for you to do some useful work on it. These matters require a balance between security and ease-of-use for the admins. Its especially important not to cut your bridges when administering a remote server. Despite many people advising to use keys and change ports etc etc, you really only need to do 3 things to stop dead any unauthorised SSH logins: 1. prevent direct root logins 2. create a user account (just for SSH logins) with an unusual name and give that account a very good password (20 character alphanumeric). Only allow that user to login via SSH. 3. give root a password of similar complexity. Doing just these three will ensure that not only will no-one ever be likely to get in via SSH, but you will be able to SSH in from anywhere from any computer. Furthermore, when doing any work with firewalls or ssh on a remote server, you must *always* have more than one SSH shell open. Don't close the last shell until you have tested your changes and are confident you won't lock yourself out.