Now, we don't want root logging in via SSH at all. If you need to do some task as root you should be using sudo anyway.. it's much more secure. To do this we change or add the line that says "PermitRootLogin no".

You can also specify a list of users which are the only ones that can login via SSH. To do this, change or add the line that says "AllowUsers me,trusty,john". It's just a comma separated list of usernames.

This one is very important if, like me, you can't change the port on which your SSH server runs. Change or add a line that says "MaxStartups 3:75:10". This is called "random early drop". The format is ``start:rate:full''. If you specify random early drop, sshd will refuse connection attempts with a probability of ``rate/100'' (75%) if there are currently ``start'' (3) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ``full'' (10).