Secure SSH access

Question

I am making a website and I am using a droplet made in digital ocean as my dev server. (No stg or prd yet)

The problem is that I am using Dynamic IP and if I blocked access on port 22 to my current IP, I would not be able to access my server due to IP change. Only way to recover access is to use web console that Digital Ocean provides.

Currently this is not a big problem but I understand that opening port 22 port to all IP is a very dangerous practice and I like to avoid this.

Is there any way I can improve the security of my server's SSH port?

All I can think of is limiting login tries (e.g. more than 3 failed attempts, block IP) and using a Key.

score 2 · Answer 1 · answered Oct 10 '14 at 22:32

2

Use keys, fail2ban is your friend, optionally use a non standard port.

answered Oct 10 '14 at 22:32

user9517

114,104
20
206
289

non-standard port == obscurity != security – Sammitch Oct 10 '14 at 22:55
@Sammitch Sort of, my experience is that it significantly reduces the noise. Less people knocking on the door is better. – user9517 Oct 10 '14 at 22:58

Secure SSH access

1 Answers1