We often have systems that have run for years with no connection to the outside world, and now suddenly an Internet connection is added and ssh access is set up. Unfortunately, many users have weak or even blank passwords.
If only some users need to use ssh, it's best to set up new users with strong passwords and restrict ssh to only those users.
You do this by adding a line like this to /etc/ssh/sshd_config:
AllowUsers doug essex
Restart sshd after making this change (you can do this even while you are logged in over ssh). Only those users will be allowed ssh access.
Dave DiPietro noted: SCO versions may put the sshd configuration file at /usr/local/etc/sshd_config.
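A follow-up check, added here as an example and not part of the original article: confirm that no account named in AllowUsers still has a blank password. The function names, the shadow-format input, and all sample file contents are assumptions constructed for the demonstration; on a real system, point the functions at your sshd_config and shadow file.

```shell
# Added example; all file contents below are constructed sample data.

# Users named by AllowUsers in the global part of an sshd_config, one per line.
# Keywords are case-insensitive and repeated AllowUsers lines accumulate.
# USER@HOST patterns are reduced to USER; wildcards are printed, not expanded.
allowed_users() {
    awk '
        tolower($1) == "match" { exit }      # ignore Match blocks
        tolower($1) == "allowusers" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break         # trailing comment
                u = $i; sub(/@.*/, "", u); print u
            }
        }' "$1" | sort -u
}

# Accounts whose password field (2nd field) in a shadow-format file is empty.
blank_password_users() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Accounts that are both permitted by AllowUsers and have a blank password.
allowed_with_blank_pw() {
    blank=$(blank_password_users "$2")
    allowed_users "$1" | while IFS= read -r u; do
        if printf '%s\n' "$blank" | grep -Fxq -- "$u"; then
            printf '%s\n' "$u"
        fi
    done
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT

cat > "$demo/sshd_config" <<'EOF'
# constructed sample
Port 22
AllowUsers doug essex
#AllowUsers olduser
EOF

cat > "$demo/shadow" <<'EOF'
doug:$6$constructed$hash:19000:0:99999:7:::
essex::19000:0:99999:7:::
olduser::19000:0:99999:7:::
EOF

echo "Permitted by AllowUsers:"; allowed_users "$demo/sshd_config"
echo "Permitted AND blank password:"; allowed_with_blank_pw "$demo/sshd_config" "$demo/shadow"
```

Any name printed by the last command should get a strong password, or be dropped from AllowUsers, before sshd is restarted.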