trillianjedi - 10:46 am on Mar 19, 2007 (gmt 0)

Changing the SSH port or a dedicated ip just for the ssh server are not good protection.

You misunderstand the purpose of the secondary IP perhaps. It's an additional obstruction to the would be hacker that wants to hack www.example.com. He can't just SSH to "www.example.com", or to the IP that resolves to. He has to find a second IP, and not having any DNS setup for it removes the obvious guesses such as ssh.example.com:22.

Never ever run anything that's for admin only access on standard ports. Ever. And always run SSH on a dedicated IP, or, if you only need access from one machine, blocking all access to SSH other than from your IP address is even better.

To be able to hack a server, you first of all have to find that server.

TJ