Is there any reason you need to allow SSH from any IP address?
First thing I would do is set up hosts.deny and/or appropriate firewall rules to block port 22 for all remote hosts except for the machines you will be logging in from to administer the machine.
Also, require SSH keys, and generate the key pair on a different box; only your public key should ever be stored on the machine.
Security is layered. If you don't need to listen for ANY IP address, don't.
Personally, I do not listen on port 22 for connections from the internet (or expose SSH via any other port). Management network connections only; if I'm not on the LAN, that means VPN session first.
Unless you're running a public access shell server, listening for SSH from anywhere is just an unnecessary risk.
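An added example, not part of the post above: a small audit that checks two of the post's points (key-only logins, no listening on every interface) against effective sshd settings in the format `sshd -T` prints. The function and sample names and the address 10.0.0.5 are assumptions made for the example; the source-IP restriction via firewall or hosts.deny is a separate layer and is not checked here.

```shell
#!/bin/sh
# Added example. Reads effective sshd settings in the format printed by
# `sshd -T` (lowercase "keyword value" lines) and checks the post's advice.
# A keyword missing from the input is reported as a failure.
audit_sshd() {
    awk '
        $1 == "passwordauthentication"       { pw  = $2 }
        $1 == "kbdinteractiveauthentication" { kbd = $2 }
        $1 == "pubkeyauthentication"         { pk  = $2 }
        $1 == "listenaddress" {
            n++
            # 0.0.0.0 and [::] bind every interface, so SSH is offered to any IP.
            if ($2 ~ /^0\.0\.0\.0(:|$)/ || $2 ~ /^\[::\](:|$)/) wild = wild " " $2
        }
        END {
            bad = 0
            if (pw  != "no")  { print "FAIL passwordauthentication must be no"; bad++ }
            if (kbd != "no")  { print "FAIL kbdinteractiveauthentication must be no"; bad++ }
            if (pk  != "yes") { print "FAIL pubkeyauthentication must be yes"; bad++ }
            if (n == 0 || wild != "") { print "FAIL listening on every interface:" wild; bad++ }
            if (bad == 0) print "OK key-only logins on a specific address"
            exit (bad > 0)
        }'
}

# Constructed sample: password logins allowed, reachable on every interface.
sample_exposed() {
    cat <<'EOF'
passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
listenaddress 0.0.0.0:22
listenaddress [::]:22
EOF
}

# Constructed sample: key-only, bound to a management address (10.0.0.5 is made up).
sample_locked_down() {
    cat <<'EOF'
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
listenaddress 10.0.0.5:22
EOF
}

echo "exposed:";     sample_exposed     | audit_sshd || true
echo "locked down:"; sample_locked_down | audit_sshd
```

On a live host the same function can be fed real data with `sshd -T | audit_sshd`, run as root.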