The following tricks require root access to the DV 4 server. More specifically, each trick requires editing the /etc/ssh/sshd_config file.
Change the SSH Port
SSH is usually on port 22 and attackers know this so they will attack the server on port 22. Change the port to anything else and they will need to attack every port to find SSH.
To change the port edit /etc/ssh/sshd_config and find the line:
#Port 22
And remove the # and change the port number to something else in the 10,000s.
Port 13574
Save the file, exit, and reload the SSH daemon.
/etc/init.d/sshd restart
Now, when you ssh into the server you’ll need to specify the port.
ssh <username>@<domain> -p 13574
Special Note: If you’re using SFTP for the system user make sure you change the port in your FTP program as well.
Set Up a Second Root User and Deactivate Primary Root Access
MT explains how to do this and it’s a great tip. They use the user name ‘admin’ in their example. Be sure to use a different name.
Add An AllowUsers Line to the SSH Config File
If you have a limited number of users who should have access to SSH edit the /etc/ssh/sshd_config file and add the AllowUsers directive:
AllowUsers <username1> <username2> <etc>
You can have multiple names by separating them with a space. I typically add the alternative root user I created from the trick above as well as the SFTP system user I create.
Once again, save the file and reboot the SSH daemon.
/etc/init.d/sshd restart
Don’t you feel more secure already?