I'd recommend that you install a firewall like CSF that will automatically block IPs that have multiple failed login attempts in a short period of time. You can also take other measures like changing your default SSH port, disabling root login, etc.
Changing the port will avoid 99% of SSH attempts. It isn't any more secure but it does greatly reduce SSH attempts.
The downside to it is that it can be confusing for users. If you're the only SSH/SCP/SFTP user then that doesn't matter.
And if you are the only user, consider firewalling the SSH port so it only accepts connections from your IP. If you're on a dynamic IP you can firewall it to the range -- like 192.168.1.0/24 or 192.168.0.0/16 -- which your ISP uses for dynamic IP allocation.
Yes, a firewall is not needed to avoid the brute-force attack, but having a firewall installed can definitely improve your VPS security. Changing the SSH port, disabling root login and enabling brute-force protection are more than enough to avoid brute force on SSH.
Expanding on sleddog's suggestion, you can also build yourself an SSH gateway on a $1 VPS from BuyVM or another bare-metal provider. This will give you a dedicated IP out there to use when you're on the road. Allow SSH only from that (and your own computer). The gateway will also allow you to give access to another trusted person.
Just remember not to publish the IP in your DNS records. Most automated sniffers would just move on past it after their first few attempts.
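An added example, not part of any post in this thread and not CSF's own code: a sketch of the "multiple failed logins in a short period" check a blocker performs, with an allowlist so your own IP or SSH gateway is never flagged. It assumes OpenSSH "Failed password" syslog lines; the function name, thresholds and sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Matches OpenSSH "Failed password" lines with a classic syslog timestamp.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def offenders(lines, threshold=5, window=timedelta(seconds=300),
              allow=(), year=2024):
    """Return IPs with >= threshold failures inside `window`, in order flagged."""
    allowed = [ip_network(n) for n in allow]
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    flagged = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            continue              # hostname or garbage in the address field
        if any(ip in net for net in allowed):
            continue              # never flag the admin or gateway address
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and str(ip) not in flagged:
            flagged.append(str(ip))
    return flagged

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = (
    [f"Mar  3 10:00:0{i} vps sshd[411]: Failed password for root from 203.0.113.7 port 4000{i} ssh2" for i in range(5)]
    + [f"Mar  3 10:0{i}:00 vps sshd[412]: Failed password for invalid user admin from 198.51.100.9 port 5000{i} ssh2" for i in range(6)]
    + [f"Mar  3 11:{i}0:00 vps sshd[413]: Failed password for bob from 192.0.2.44 port 6000{i} ssh2" for i in range(5)]
)

if __name__ == "__main__":
    print(offenders(SAMPLE, allow=["198.51.100.0/24"]))
```

The third sample address fails five times but ten minutes apart, so it never crosses the threshold; a slow attempt like that is what the IP allowlisting suggested above still stops.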