Should I harden my SSH if I only allow my IP in iptables?
Allow root logins
Use same password for all the servers
Use default ssh port 22
Changing each of the above is a strategy of risk mitigation. Changing all of those things doesn't make you safe. Leaving isn't dangerous by nature of itself. It does increase risk, but you might appreciate the convenience more than the risk.
For full TCP exchanges like are required with SSH, controlling the IP access range is reasonably effective against anybody who isn't a part of your network (same layer 2 branch or controlling upstream routing).
You do run the risk where one server compromise could expose the password for all, but you've limited where one can use the password from.
... but if the convenience is worth it, you feel ok, and these aren't subject to holding somebody else's important data, go for it. Just know why one would make those changes and what you're giving up for the convenience.
The answer is always yes. You never know what could happen.
If it were me, I'd:
- lockdown ssh
- set up private/public key logins for a normal user to automate the login
-
su -
once I logged in
Because it just isn't worth the worry
(This has the added benefit of allowing access from anywhere you have putty and your ssh key)