by DoubleCluster 4777 days ago
Sure it does. It does make your life more annoying as you have to specify the port every time (and you have to remember it). Some software/firewalls/proxy servers may have trouble with the nonstandard port. If all that is not a problem then go ahead.

Another very nice trick to hide a service is port knocking.


For a while, I put my home ssh server on port 443. It avoided the SSH credential guessing attacks, and still let me use a port that is allowed out by most firewalls.

However, I eventually went back to port 22, for several reasons. It's annoying to specify a port every time. A lot of networks transparently proxy port 443, which can cause problems with non-SSL traffic. The login attempts were exclusively from bots trying known credentials, which will not work anyway. They are not a threat, just an annoyance.

Instead, I use the iptables limit feature to allow no more than 6 new TCP connections a second. This is more than enough for my purposes. Root login is disabled and I'm using a sufficiently complex password on my user account that I don't need to worry about brute-force guessing. Not that anyone has ever attempted such a thing on my home server, but now it will take too much time to be feasible.

I still get the login attempts, but they are much fewer now, and are no more than a curiosity in the auth.log file.
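The comment above pairs a connection-rate limit with the observation that the remaining failed logins are just noise in auth.log. As an added example, not code from the thread or from any commenter, here is a small parser that reads OpenSSH "Failed password" lines, counts failures per source address and per attempted username, and flags any source that exceeds a per-second burst threshold (defaulting to the same 6 per second the commenter uses for the iptables limit). The log lines are constructed for the example, the hostname and addresses are placeholders, and the syslog timestamp format is the traditional one; a host using journald or ISO timestamps would need the regex adjusted.

```python
"""Summarise failed SSH logins from auth.log-style lines (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the traditional syslog + OpenSSH format.
# The host name "homebox" and the addresses are placeholders from the
# documentation ranges, not captured data.
SAMPLE_AUTH_LOG = """\
Mar 14 03:12:01 homebox sshd[4011]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar 14 03:12:01 homebox sshd[4012]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Mar 14 03:12:01 homebox sshd[4013]: Failed password for invalid user admin from 198.51.100.7 port 51024 ssh2
Mar 14 03:12:01 homebox sshd[4014]: Failed password for invalid user test from 198.51.100.7 port 51025 ssh2
Mar 14 03:12:01 homebox sshd[4015]: Failed password for invalid user oracle from 198.51.100.7 port 51026 ssh2
Mar 14 03:12:01 homebox sshd[4016]: Failed password for root from 198.51.100.7 port 51027 ssh2
Mar 14 03:12:01 homebox sshd[4017]: Failed password for invalid user pi from 198.51.100.7 port 51028 ssh2
Mar 14 03:13:10 homebox sshd[4050]: Failed password for root from 203.0.113.42 port 38811 ssh2
Mar 14 03:13:12 homebox sshd[4051]: Failed password for invalid user ubuntu from 203.0.113.42 port 38812 ssh2
Mar 14 03:15:44 homebox sshd[4120]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(text):
    """Return a list of (timestamp, username, source_ip) for each failed-password line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((m.group("ts"), m.group("user"), m.group("ip")))
    return events


def failures_per_ip(events):
    """Count failed attempts by source address."""
    return Counter(ip for _, _, ip in events)


def usernames_tried(events):
    """Count which account names the failed attempts targeted."""
    return Counter(user for _, user, _ in events)


def bursting_sources(events, max_per_second=6):
    """Sources with more than max_per_second failures inside one syslog second.

    Syslog timestamps have one-second resolution, so grouping by the raw
    timestamp string is the per-second bucket. A source listed here would
    have been slowed by a 6-connections-per-second iptables limit.
    """
    per_second = defaultdict(int)
    for ts, _, ip in events:
        per_second[(ip, ts)] += 1
    return sorted({ip for (ip, _), n in per_second.items() if n > max_per_second})


def summarize(text, max_per_second=6):
    """Build the report a quick look at auth.log would give."""
    events = parse_failed_logins(text)
    return {
        "total_failures": len(events),
        "per_ip": dict(failures_per_ip(events)),
        "usernames": dict(usernames_tried(events)),
        "bursting": bursting_sources(events, max_per_second),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_AUTH_LOG)
    print(f"{report['total_failures']} failed logins")
    for ip, n in sorted(report["per_ip"].items(), key=lambda kv: -kv[1]):
        print(f"  {ip:<16} {n}")
    print("usernames tried:", ", ".join(f"{u}={n}" for u, n in report["usernames"].items()))
    print("sources exceeding the per-second threshold:", report["bursting"] or "none")
```

Run it against a real `/var/log/auth.log` by passing the file contents to `summarize`. Seeing only `root`, `admin` and similar names in the username counter is the pattern the commenter describes: credential-guessing against accounts that either do not exist or cannot log in, which a rate limit turns from a burst into a trickle.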

Keep in mind that you can just set the port in your SSH config and you won't have to set it every time.
Yes, but it would have to be done on every system that I use to access my server. Also, not all systems use the standard openssh unix client, or they may not allow access to the user configuration files. So changing the port is just an annoyance, and it doesn't really accomplish anything. My real account is safe, and having a few failed login attempts for admin and root in my log file doesn't really bother me.

I am not advising against changing the port; it just has no value for me as I currently use SSH.

Agreed, but you don't have to specify and remember it every time if you configure the host in ~/.ssh/config
You can just set it in your SSH config for that destination and it'll use that port every time you do ssh destination.com.
If your software can't handle port changes then your software sucks. I should have the ability to run on whatever port I like.
And still sucky software is a fact of life.