by snowwolf
2091 days ago
Moving your SSH port isn't really about security. It's about reducing noise in your logs from annoying port scanners constantly hitting common ports. Although that does then have the benefit of making your logs more useful for detecting actual attacks. And it probably reduces some CPU cycles too as an added bonus.
Back in the mid-2000s, botnets were small, the Internet was slower, and there was a lot of low-hanging fruit. Putting your SSH server on a non-standard port was a good way of reducing log clutter.
Today, though, it doesn't matter. I get as many login attempts on my non-standard ports as I see on hosts running SSH on port 22. This is because for at least the past few years, it has been feasible and indeed entirely commonplace to scan the whole IPv4 internet, 65k ports and all. Companies like Shodan and Censys sell access to detailed maps of basically everything on the routable Internet. There is no such thing as "hiding" a service on some little-used port anymore.
One can make the argument that attack surface is inversely proportional to security, so putting services on non-standard ports is in fact an increase in security. It's just that even back in the day, that increase was too small to seriously consider and today it's microscopic.