One simple way to keep your server public but almost impossible to hack via SSHis to disable password authentication over SSH. This means the only way in is via your own private key that only you should have.
Edit your /etc/ssh/sshd.conf file
Set this option
PasswordAuthentication no
Restart your SSH server.
service sshd restart
........
Just a note before you do this you should have a sure, guaranteed way into the system such as local, KVMor preferably publickey making bruteforce SSH absolutely impossible since there is no password to bruteforce and even if someone knew the password they wouldn't be able to login except from the local console (presumably you should make sure no one unauthorized has physical access).
1. Edit /etc/ssh/sshd_config
Find the section like this:........
It's a great feature to ward off bruteforce but is also annoying because you think you have the wrong password when you can't login.
How to Disable cp hulk for 5 minutes
/usr/local/cpanel/etc/init/stopcphulkd........
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........