by ArbitraryCrow
4782 days ago
For a while, I put my home SSH server on port 443. It avoided the SSH credential guessing attacks, and still let me use a port that is allowed out by most firewalls. However, I eventually went back to port 22, for several reasons. It's annoying to specify a port every time. A lot of networks transparently proxy port 443, which can cause problems with non-SSL traffic. The login attempts were exclusively from bots trying known credentials, which will not work anyway. They are not a threat, just an annoyance. Instead, I use the iptables limit feature to allow no more than 6 new TCP connections a second. This is more than enough for my purposes. Root login is disabled and I'm using a sufficiently complex password on my user account that I don't need to worry about brute-force guessing. Not that anyone has ever attempted such a thing on my home server, but now it will take too much time to be feasible. I still get the login attempts, but they are much fewer now, and are no more than a curiosity in the auth.log file.