This relates to this question here:
I may be pressured to run SFTP (FTP over SSH).
One thing I don't like is that it would require me to open up the SSH port (port 22) to the Internet (all IP because my SFTP users will be dynamic).
Can anyone give me any security guidelines (specifics) on locking down SSH?
Specifically one option I would like help with is the possibility of running SSH on two ports? One that supports interactive logins, and one that has it disabled (SFTP only). That way I can still limit access to the admin SSH port. Is that possible?