It is possible to restrict IP addresses that can access AMP via SSH. This can be configured in the /etc/hosts.allow and /etc/hosts.deny files. You can extend this for other protocols. These files can be found in the /etc directory. See below for a couple of examples.
To allow 10.1.2.3 to access the server via SSH, you could add this to hosts.allow:
And to restrict all access via SSH, you could add this to hosts.deny:
sshd: ALL: DENY