"This is easy, just changing a few lines in
AllowUsers [usernames or groups separated by spaces]
"Remember to restart sshd whenever you change the configuration
file. Specifying an alternate port reduces brute-force login
attempts by a lot. Yes, everyone knows that this option is
available, and no, it wouldn't be very hard to script brute-force
attacks to scan for the open SSH port. But they don't, and a side
benefit is it cuts down the clutter considerably in your logfiles.
You must select an unused port, which you can find in
/etc/services. Be sure to enter your alternate SSHD port in this
file so you don't forget.
"Never ever permit a root login over the Internet. If you need
root privileges, log in as an ordinary user and then su or sudo
after logging in. (In the next installment in this series I'll show
you how to restrict sudo to specific commands.)"