I used some software called “Secure Shell Helper” (http://www.gideonsoftworks.com/sshhelper.html) to help secure my Mac mini. You can turn off password-based SSH logins entirely and generate the required public and private key files for installation on your server and any client computers you’d like to connect from. And the keys can be encrypted so that they require a separate pass-phrase to be used before a successful connection can be made. Using key files instead of the normal passwords should potentially protect you more from brute-force dictionary login attacks.

This setup would mean that you can’t connect to your server from just any computer (unless you carry and install the right key file from a flash drive), but if you do most of your administration from one or two laptops, I think it’s a good solution.

-Nate

I think SSH considers first the config file /etc/sshd_config before it reads the /etc/ssh_config file. It does not overwrite the values already set in /etc/sshd_config with the values you set in /etc/ssh_config. Or I am wrong?

Cheers

Dani