SSH, which stands for Secure Shell, isn't very secure by default, opting for basic password authentication with no other limits. If you really want to lock down your server, you'll need to do more configuring.
"Don't Allow Password Logins - Use SSH Keys
The first thing to do is get rid of password authentication completely and switch to using SSH keys. SSH keys are a form of public key encryption; you have a public key that acts like your username, and a private key that acts like your password (except this password is 2,048 characters long). Your private key is stored on your disk, but is encrypted with a passphrase and ssh-agent. When you go to SSH into a server, instead of asking for your password, the ssh-agent connects to the server using your keys.
Even if you're already using SSH keys, you'll still want to ensure that your password logins are turned off, as the two aren't mutually exclusive..."
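The excerpt's closing point, that key logins and password logins can both be enabled at once, can be checked against the settings sshd actually applies. The following is an added example, not code from the quoted article: the function name `check_password_logins` and both sample listings are constructed here, and the input format is that of `sshd -T` output.

```shell
#!/bin/sh
# Audit effective sshd settings for password-style logins.
# Input: `sshd -T` output on stdin ("keyword value", lowercase keywords).
# Matching sshd_config lines: PasswordAuthentication no,
# KbdInteractiveAuthentication no, PubkeyAuthentication yes.

check_password_logins() {
    awk '
        function report(name, got, want) {
            if (got == want) { print "OK   " name "=" got; return 0 }
            print "FAIL " name "=" (got == "" ? "(missing)" : got) ", want " want
            return 1
        }
        $1 == "passwordauthentication"          { pw  = tolower($2) }
        # keyboard-interactive can still prompt for a password (e.g. via PAM)
        $1 == "kbdinteractiveauthentication"    { kbd = tolower($2) }
        # older OpenSSH releases print the previous name of the same option
        $1 == "challengeresponseauthentication" { kbd = tolower($2) }
        $1 == "pubkeyauthentication"            { pub = tolower($2) }
        END {
            bad  = report("passwordauthentication", pw, "no")
            bad += report("kbdinteractiveauthentication", kbd, "no")
            bad += report("pubkeyauthentication", pub, "yes")
            exit (bad > 0)   # non-zero when a password can still be typed
        }
    '
}

# Constructed sample: keys work, but passwords are accepted too.
SAMPLE_DEFAULT='passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes'

# Constructed sample: key-only logins.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

# On a real server, as root: sshd -T | check_password_logins
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$sample" | check_password_logins \
        || echo "-> password logins are still possible"
done
```

Settings inside `Match` blocks apply per connection, so `sshd -T` without connection parameters reports only the global values.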