eriky - 9:18 am on Mar 19, 2007 (gmt 0) So my addition to this thread:
Changing the SSH port or a dedicated ip just for the ssh server are not good protection. Changing ports or ips might give you a bit more safety but someone who really intends to hack your server is not stopped by a different port or even a different ip.
It does save you some bandwitdh from all the scanners though (I have on average about 500 attemps to login through ssh on my servers). But these will only be a real problem when you have extremely weak passwords, like apache/apache or backup/backup.
Do not give customers shell access by default. If they ask for it, give them a chrooted shell wherever possible. Customers tend to have very weak passwords!
So my addition to this thread: