Best practices using ssh (continued)


Known hosts / subnets

If you always come from a known host or list of subnets, use the built in allow/deny feature of ssh.  List them in /etc/hosts.allow and set a default deny in /etc/hosts.deny.  In /etc/ssh/sshd_config there are directives to allow and deny various hosts.  

Use your firewall, routers, ipfilter or other such utilities to deny access from certain addresses or address ranges and limit access to certain ports.