hardening SSH

[Michael Klinosky]

I use ssh (on my own machines, personal use). My primary box (for ssh, 
it's the my daemon) is on dsl. The only machine that I log in from 
(client?) is on the same ISP, and is on a dial-up line.

I'd like to allow only those IPs that I might dynamically get. How would
this be accomplished? I checked my secure log file (on the daemon box), 
and have examples of IPs that I was assigned. Nota bene: It seems like 
only the first and second parts are consistant. So, how can I specify a 
range thus: 200.100.x.x ? Would I use a zero, or 'x', or ...?

I checked out the openssh website - only man pages. I read the man page,
but didn't see anything related to this. I used Google's linux search - 
nothing this specific.

I figure that I could use either sshd_config's ListenAddress or
/etc/hosts.allow or hosts.deny.

Btw, I figured out how to set up iptables to use a non-default port, and
I use AllowUsers in the sshd_config (on the machine I log into).