>> Using a non-default port is not the solution, because history has learned
>> that security by obscurity never worked.....
>
> It's not "security by obscurity", moving the default port is just to not
> see all that garbage in the log files - as the automated scripts don't
> check for ssh on different ports than 22.

People get those fixed ideas and it is difficult to get rid of them. Of course you should not rely ONLY on obscurity to secure your server. But using a non-standard port effectively defeats *the vast majority* of attacks, which never try other than the standard port. I went from thousands of entries in the logs to NONE.

> And save CPU cycles by not having to answer to those requests.

YES!

>> 1: Use iptables or other firewall in front of server, to only allow a
>> selected group of "trusted" IPs to access the server through SSH.
>
> Well, that is not always possible or wanted.

Of course! In my case it is not even possible.

>> 2: Enforce Public / Private key Authentication, so that only the users with
>> a valid key can access the server.
>
> And yes, you shouldn't be using ssh with password authentication, true.

Yes! Use only authentication with an encrypted key, e.g. a public/private key pair.
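
As an added example (not part of the original thread), the Python sketch below audits the global section of an `sshd_config` for two of the measures discussed above: a non-default port and key-only authentication. The function names and sample configurations are constructed for illustration; the firewall allow-list lives outside `sshd_config` and is not covered.

```python
import re

# OpenSSH defaults for the two authentication keywords checked here.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective_globals(text):
    """Return (ports, settings) for the global section of sshd_config text."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # conditional blocks follow; the global section ends here
        if key == "port":
            ports.append(int(value))  # Port may be given several times
        else:
            settings.setdefault(key, value)  # first value obtained wins
    return ports or [22], {**DEFAULTS, **settings}

def audit(text):
    """List findings for the measures discussed in the thread."""
    ports, s = effective_globals(text)
    findings = []
    if 22 in ports:
        findings.append("listens on default port 22")
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication is enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public key authentication is disabled")
    return findings

# Constructed sample configurations.
STOCK = "#Port 22\n#PasswordAuthentication yes\n"
HARDENED = "Port 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
# A later 'no' does not override an earlier 'yes'.
SHADOWED = "PasswordAuthentication yes\nPort=2222\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in [("stock", STOCK), ("hardened", HARDENED),
                      ("shadowed", SHADOWED)]:
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the effective configuration, including the result of any included files, and is the authoritative check.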