Is setting a very strong password enough to secure an SSH on port 22?
Remember that YOUR password may be very strong while other users may possibly have really weak passwords. Put AllowGroups
or AllowUsers
into /etc/ssh/sshd_config
to switch off ssh access for other users.
Also remember that your password may be too safe: This password will almost certainly get written down.
Having said that I think you're pretty safe; if you combine with port knocking or so you are very safe.
It all depends on how fast an attacker can hammer on your tcp/22 port for logins. If you're not using something to terminate such repeated connections, in time any password can be discovered. In this case, time will be a very long time. Months of constant hammering. In the SSH logs I've taken a stroll through I've seen little directed hammering against specific accounts, and lots of door knocking looking for weak passwords.
However, you can't assume all attackers are casual. Someone targeting you specifically will have the investment to wait several months to break in. It's for reasons like this that shared-key is preferred where possible. The password you describe is very likely to be three-nines impossible to crack (in reasonable time constraints). I wouldn't hold my breath for five-nines.
although rare, there are still 0-day exploits... so you never know. maybe you can limit access to port 22 [on firewall level] just to few hosts/networks?
or maybe you can go security-though-obscurity way and implement port knocking?