1

My home internet has a dynamic IP and it seems like it changes sometimes almost every day. I'd like my server to be as secure as possible, so right now I could deny all for port 22 except from my IP address.

I can see this getting rather annoying to have to use console access because I technically "lock myself out" every time my IP changes.

Is there a simpler way to secure this port?

Matthew
  • 1,859
  • 4
  • 22
  • 32

3 Answers

1

Ask your ISP for a static IP address if you really need it. You may have to pay, or not, depending on the ISP. That's the simplest way.

Other than that, you could restrict access to your ISP's subnet so that any IP address you are assigned will work, but then so will all the rest of the ISP's customers on that subnet. Which maybe you can live with - I wouldn't.

I would say if you want to really secure your SSH access, use certificates for logging in instead of passwords. A 1024 bit password will take a long time to crack...

dunxd
  • 9,632
  • 22
  • 81
  • 118
1

I think I'm missing a little bit in the description. You mean your internal network is DHCP'd, or your provider is changing your IP address?

If you just want to make sure you have SSH access to your machine, you can use an authentication key instead of a password, and only authorize your remote machine to have access.

I also install denyhost, which you can configure so that if someone tries to access your machine and fails the password three times your system bans the IP. It can also download a list of blacklisted IPs from other denyhost systems, and you can configure if the ban is permanent or how temporary you want it.

EDIT re-re-reading, I think I see your problem... you have a home system to access, you want it to allow from a static IP, but your remote IP keeps changing so you can't set one specific IP to allow your connection from, yes?

In that case the above things I outlined (key authentication, change ports against an automated script, denyhost) should be more than enough in your situation.

For security through obscurity (it only helps against automated scanning, really) you can change the default port to something else at the firewall/router.

If you're saying your system is DHCP'd in your network, you need to configure it to have a static IP and forward the port to that IP.

Bart Silverstrim
  • 31,172
  • 9
  • 67
  • 87
1

You could set up an account with a dynamic DNS provider (like http://www.dyndns.com) then allow access by hostname rather than by IP address.

Other than that, set up an SSH key for authentication (http://pkeck.myweb.uga.edu/ssh/) as the existing answers have suggested.

James Yale
  • 5,182
  • 1
  • 17
  • 20
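A packet filter such as iptables resolves a hostname only once, when the rule is inserted, so the hostname-based allow suggested in this answer is usually done with a small cron job that re-resolves the dynamic DNS name and swaps the port 22 allow rule when the address changes. The script below is an added example, not from the thread or any project; it assumes iptables and glibc's getent, the hostname and state-file path are placeholders, and a rule further down the INPUT chain already drops other traffic to the SSH port.

```shell
#!/bin/sh
# Added example (not from the thread): keep the iptables rule that allows
# SSH from "my IP" in sync with a dynamic DNS name, so the rule follows a
# changing home address instead of locking you out. Run from cron.
# Assumptions: iptables, glibc getent; the hostname below is a placeholder.
set -eu

DDNS_HOST="${DDNS_HOST:-home.example.invalid}"     # placeholder DDNS name
STATE_FILE="${STATE_FILE:-/var/run/ssh-allow.ip}"  # last address we allowed
SSH_PORT="${SSH_PORT:-22}"

# Resolve a hostname to its first IPv4 address; prints nothing on failure.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only a well-formed dotted quad, so a bad DNS answer or a corrupted
# state file can never be spliced into a shell command line.
is_ipv4() {
    case "$1" in *[!0-9.]* | .* | *. | *..*) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the iptables commands that move the allow rule from $1 to $2.
# Prints nothing when unchanged; fails (exit 1) on a malformed address.
plan_update() {
    old="$1"; new="$2"
    [ "$old" = "$new" ] && return 0
    is_ipv4 "$new" || { echo "refusing non-IPv4 value: $new" >&2; return 1; }
    [ -n "$old" ] && echo "iptables -D INPUT -p tcp --dport $SSH_PORT -s $old -j ACCEPT"
    echo "iptables -I INPUT -p tcp --dport $SSH_PORT -s $new -j ACCEPT"
}

# Resolve, compare with the stored address, apply, remember the new one.
main() {
    old=""
    [ -r "$STATE_FILE" ] && old="$(cat "$STATE_FILE")"
    new="$(resolve_ipv4 "$DDNS_HOST")"
    [ -n "$new" ] || { echo "cannot resolve $DDNS_HOST; rule unchanged" >&2; return 1; }
    cmds="$(plan_update "$old" "$new")"
    [ -n "$cmds" ] && printf '%s\n' "$cmds" | sh
    printf '%s\n' "$new" > "$STATE_FILE"
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it as `sh ssh-allow.sh --apply` from root's crontab every few minutes; when resolution fails the old rule is left in place rather than removed, and key-only authentication on sshd still applies if the DDNS record is ever wrong.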