Securing A Linux Web Server


webdoctor - 3:30 pm on Mar 19, 2007 (gmt 0)


OK, some sites may need it running 24/7 but there's probably a lot of sites which don't and would be wise to shut down the ssh server when not in use.[snip]

IMHO techniques like this just set you up for trouble later. Great idea in theory, not sure how good it is in the real world.

Would you want your locks on your front door to only function between 7am and 8am, and between 5pm and 7pm? What happens if you leave something at home and need to call back for it at lunchtime?

If your webserver stops responding mid-morning, do you want to have to wait until the designated 'ssh-time' to get in to fix the problem?

Personally, I'd suggest configuring ssh to only accept public key authentication, and leaving ssh open all the time. The password-guessers can grind away all they like on my servers if the only way in is to use my private key. Saves remembering a complex root password too.

For those who are completely paranoid, you should disable ssh completely and access your server via serial console redirection provided by your ISP....

...you DO HAVE a serial console configured, don't you? They've saved me more than once. Far more useful (and more secure) than an extra IP address for ssh.
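
One way to check the key-only setup recommended in the post above, added here as an example that is not part of the original thread. It audits `sshd_config` text using OpenSSH's rule that the first value given for a keyword wins. Assumptions: `ChallengeResponseAuthentication` is treated as the older spelling of `KbdInteractiveAuthentication`, `Include` files are reported rather than followed, and the names `parse` and `audit` and both sample configs are constructed for illustration.

```python
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}  # OpenSSH defaults when unset
# Deprecated spelling of the same option (assumption: treated as an alias).
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_PATHS = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(config_text):
    """Return (global settings, Match-block settings, Include arguments)."""
    global_opts, match_opts, includes = {}, [], []
    in_match = False
    for raw in config_text.splitlines():
        fields = raw.strip().replace("=", " ", 1).split()
        if not fields or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), " ".join(fields[1:])
        key = ALIASES.get(key, key)
        if key == "match":
            in_match = True          # later lines apply only conditionally
        elif key == "include":
            includes.append(value)
        elif in_match:
            match_opts.append((key, value))
        else:
            global_opts.setdefault(key, value)  # sshd keeps the first value
    return global_opts, match_opts, includes

def audit(config_text):
    """List reasons a password could still be accepted (empty = key-only)."""
    global_opts, match_opts, includes = parse(config_text)
    effective = {**DEFAULTS, **global_opts}
    findings = [f"{k} is '{effective[k]}'" for k in PASSWORD_PATHS
                if effective[k] != "no"]
    if effective["pubkeyauthentication"] == "no":
        findings.append("pubkeyauthentication is 'no': keys cannot be used")
    findings += [f"Match block sets {k} {v}" for k, v in match_opts
                 if k in PASSWORD_PATHS and v != "no"]
    findings += [f"Include {p} not inspected" for p in includes]
    return findings

# Constructed sample files, not taken from the thread.
WEAK = ("ChallengeResponseAuthentication no\n"
        "PasswordAuthentication yes\n"    # first value: this one is used
        "PasswordAuthentication no\n")    # later duplicate is ignored
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "key-only")
```

On a live server, the output of `sshd -T` gives the effective settings with includes already resolved and can be passed to `audit` in place of the file text.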


Thread source: http://www.webmasterworld.com/linux/3285421.htm