Check the manpages for ssh_config, sshd_config & ssh. If it uses the bsd ssh package, then you can use "AllowUsers" with entries like nirmit@hostname or firstname.lastname@example.org. All other entries are not allowed. This makes it easier to use AllowUsers than to explicitly list all of the system users in DenyUsers.
Don't allow root logins unless absolutely necessary. Also consider using pubkey authentication instead of username/password. Be sure to select a long passphrase to protect your client's private key.
Many people will change the port number that ssh uses for hosts connected to the internet. This reduces the number of script kiddie brute force attacks. This may make things more secure by reducing the distractions, making more serious attacks stand out.
Also look if access control is done by PAM configuration files in /etc/security/. Sun invented PAM so they probably use it.
Last edited by jschiwal; 04-20-2009 at 02:56 AM.
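
An added example, not part of the original post: a small Python audit of the global section of an sshd_config for the settings the post recommends (an AllowUsers allow-list, no root login, pubkey instead of password, non-default port). The function names and both sample configs (including port 2222) are constructed for illustration; the script assumes whitespace-separated keywords and relies on sshd using the first value it reads for a keyword.

```python
# Constructed sample configs, not taken from any real host.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# A later duplicate does NOT override: sshd keeps the first value it reads.
permitrootlogin no
Match User backup
    PasswordAuthentication no
"""
HARDENED = """\
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers nirmit@hostname
"""

def parse_global(text):
    """Return {lowercased keyword: [values in file order]} for global settings."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":
            break                           # Match blocks are conditional, not global
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings for the points raised in the post."""
    cfg = parse_global(text)
    first = lambda key, default: cfg.get(key, [default])[0].lower()
    findings = []
    if "allowusers" not in cfg:
        findings.append("no AllowUsers allow-list")
    if first("permitrootlogin", "unset") != "no":   # unset is treated as not hardened
        findings.append("PermitRootLogin is not 'no'")
    if first("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if first("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is still enabled")
    if "22" in cfg.get("port", ["22"]):             # every Port line adds a listener
        findings.append("listening on default port 22")
    return findings

if __name__ == "__main__":
    for name, cfg_text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg_text) or "no findings")
```

On a live host, the output of `sshd -T` (the effective configuration) is a better input than the raw file, since it already resolves defaults and included files.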