You could say that for any service though, yet we still run services on standard ports. Why? Standardization.
Apart from the usual suspects such as rate limiting, only allowing public key authentication, using/enforcing sensible passwords, and/or blacklisting with firewalls (which are also very easy to set up, low cost, effective as well, and objectively better) how about not having a SSH server exposed to the entire world in the first place? Or having only a SSH server exposed, and for the rest nothing? (And even then, it still doesn't make sense someone in China can access your SSH server located behind your DSL or cable router...)
I’m not talking about your home computer. Obviously your home computer shouldn’t have ssh exposed to the world on any port. I’m talking about a server that needs to have ssh available.
And I would argue while all the options you bring up are good suggestions; 1) they aren’t alternatives to having ssh on a non standard port, they are additional methods and 2) they will do nothing against system level exploits.
If you leave ssh on a standard port, when (not if) an exploit is released you are in a race to patch your system and at a disadvantage. And for what?
Other services are on standard ports for good reasons. There’s not a lot of good reasons to leave ssh on 22. Mostly just laziness.
Apart from the usual suspects such as rate limiting, only allowing public key authentication, using/enforcing sensible passwords, and/or blacklisting with firewalls (which are also very easy to set up, low cost, effective as well, and objectively better) how about not having a SSH server exposed to the entire world in the first place? Or having only a SSH server exposed, and for the rest nothing? (And even then, it still doesn't make sense someone in China can access your SSH server located behind your DSL or cable router...)