If you have a network, the recommended way to secure SSH is to use the AllowUsers statement with a username and an IP address. It limits connections to the server to the specified username coming from the specified IP address and no one else. For example, AllowUsers user1@192.168.1.69 allows only the username user1, which must already exist on the server, connecting from the IP address 192.168.1.69. This one-line statement blocks all other connections that do not have that username and IP address. AllowUsers does not replace authentication: a matching user still logs in with their password or key.

Say you want to secure a computer with the IP address 192.168.1.106 that already has SSH installed, and you want the following computers to be able to connect to it: 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, and 192.168.1.5. To do this, add five AllowUsers statements at the end of /etc/ssh/sshd_config on the server.

AllowUsers user1@192.168.1.1
AllowUsers user1@192.168.1.2
AllowUsers user1@192.168.1.3
AllowUsers user1@192.168.1.4
AllowUsers user1@192.168.1.5

You can use the same username in each statement or vary it. After you restart the SSH server with service ssh restart, only these five computers on the network are allowed to connect to it. Now you have a secure network to connect to the server computer without worrying, and you can rest easy knowing that AllowUsers is preventing any bad or unknown computers from actually connecting to our safe network. This is how I secure my production servers and the computers that connect to them, including server-to-server connections.

A friend noted that these IP addresses may change, so either make these non-routable IP addresses static, or get static IP addresses from your Internet provider. You don’t want to be locked out of your server.
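One way to apply the AllowUsers lines without risking the lockout mentioned above, as an added example that is not part of the original post: build the block, stage it into a copy of sshd_config, and let sshd syntax-check the copy before it replaces the live file. The function names and the sshd_config.new path are hypothetical.

```sh
# Added example, not from the original post. Function names and the
# sshd_config.new path are hypothetical. Source this file, then as root:
#   stage_config /etc/ssh/sshd_config /etc/ssh/sshd_config.new user1 \
#       192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5
#   sshd -t -f /etc/ssh/sshd_config.new \
#       && mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config \
#       && service ssh restart
# Keep your current SSH session open until a new login has succeeded.

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    vi_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$vi_ifs
    [ "$#" -eq 4 ] || return 1
    for vi_octet in "$@"; do
        [ "${#vi_octet}" -le 3 ] && [ "$vi_octet" -le 255 ] || return 1
    done
}

# Print one "AllowUsers user@ip" line per address: allowusers_block USER IP...
# Nothing is printed if any address is malformed.
allowusers_block() {
    au_user=$1
    [ -n "$au_user" ] && [ "$#" -ge 2 ] || return 1
    shift
    for au_ip in "$@"; do
        valid_ipv4 "$au_ip" || { echo "invalid IPv4 address: $au_ip" >&2; return 1; }
    done
    for au_ip in "$@"; do
        printf 'AllowUsers %s@%s\n' "$au_user" "$au_ip"
    done
}

# Copy config SRC to OUT and append the block: stage_config SRC OUT USER IP...
# SRC is never modified, and OUT is not created if validation fails.
stage_config() {
    sc_src=$1; sc_out=$2
    shift 2
    sc_block=$(allowusers_block "$@") || return 1
    cp "$sc_src" "$sc_out" || return 1
    printf '\n%s\n' "$sc_block" >> "$sc_out"
}
```

sshd -t only checks that the file parses; it does not tell you whether your own address is in the list, so confirm that before restarting.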

Happy coding.

By admin
