by arca_vorago 3061 days ago
I haven't done that for years, preferring instead to change ports to an uncommon one and even then that port is only opened upon port knocking. My logs are so much easier to parse. (These days in nftables instead of iptables.)

There actually is some security through obscurity, despite everyone loving to bandwagon otherwise.
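For readers who have not seen it done in nftables, here is the kind of ruleset the comment above describes: SSH on an uncommon port, opened only after a knock sequence, with a log line that is easy to grep for. This is an added example, not the poster's own configuration. The knock sequence (1234, 2345, 3456), the SSH port (2222), the 1s/10s timeouts and the set names are all assumptions chosen for illustration.

```nft
# Added example of nftables port knocking (not the poster's ruleset).
# Assumed knock sequence: TCP 1234 -> 2345 -> 3456, then SSH on 2222 is
# reachable for 10 seconds from the knocking address.
table inet portknock {

	# Addresses that have completed the whole knock sequence.
	set clients_ipv4 {
		type ipv4_addr
		flags timeout
	}

	# Addresses mid-sequence, paired with the NEXT port they must hit.
	set candidates_ipv4 {
		type ipv4_addr . inet_service
		flags timeout
	}

	chain input {
		type filter hook input priority -10; policy accept;

		iif "lo" accept
		ct state established,related accept

		# First knock: remember the source and the port it must hit next.
		tcp dport 1234 add @candidates_ipv4 { ip saddr . 2345 timeout 1s }

		# Second knock only counts if this source is expected on 2345.
		tcp dport 2345 ip saddr . tcp dport @candidates_ipv4 \
			add @candidates_ipv4 { ip saddr . 3456 timeout 1s }

		# Third knock completes the sequence: open the door for 10s and log it.
		tcp dport 3456 ip saddr . tcp dport @candidates_ipv4 \
			add @clients_ipv4 { ip saddr timeout 10s } \
			log prefix "Successful portknock: "

		# Knock ports themselves never answer (no RST back to a scanner).
		tcp dport { 1234, 2345, 3456 } drop

		# SSH on the uncommon port: only sources that knocked may open a connection.
		tcp dport 2222 ip saddr @clients_ipv4 counter accept
		tcp dport 2222 ct state new counter drop
	}
}
```

Load it with `nft -f portknock.nft` and inspect the live sets with `nft list set inet portknock candidates_ipv4`. Each knock must arrive within 1s of the previous one and in the right order, because the candidate entry stores the source address together with the specific next port; a knock on the wrong port simply does not match the concatenation lookup and the entry expires. The `log prefix` line is what makes the logs easy to parse: every successful sequence shows up as one tagged kernel message rather than being buried in the noise that port 22 would attract.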


You put a wall around your property. It kept the dilettantes out, which means you have free time for something else.

If there’s a buffer overflow attack against SSH then you have security through obscurity. In the meantime you have security and obscurity. Assuming you’re using known RSA keys to log in remotely...

Not sure if that's obscurity. Changing the port means you have to scan the whole port range. Port knocking gives you another 2-4 bytes of entropy. (A determined attacker will try all the port knocking permutations.)

Seems like putting bars on the windows. You're taking a couple of well known steps to make things a little harder for an attacker.

The complaint isn't that it is worthless, it is that it is worthless if that is your only security measure.
Or any other trade-off you make on the assumption you have more defense than you really do, surprisingly common.