To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.
SSH into server as root.
# vi /etc/ssh/sshd_config
Go to the following section:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
#Port 22
to look like
Port 3999 (choose your own 4 to 5 digit port number (49151 is the highest port number)
Uncomment and change
#Protocol 2, 1
to
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to
ListenAddress 192.168.0.1 (use one of your own IP Addresses that has been assigned to your server)
If you would like to disable direct Root Login, go to:
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Now restart SSH
# /etc/rc.d/init.d/sshd restart
Exit out of SSH, and then re-login to SSH using the new IP , and the new port.
If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.
Disable Telnet
# vi /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
# /etc/init.d/xinetd restart