[migrantgeek]

I agree. Changing the port or hiding with port knocking is useful especially for keeping logs clean.

Generally, I think it's best to avoid publicly accessible SSH but if needed, changing the port is a good idea.

I always remove password auth and direct root login however even though my machine is now secure, the logs are filled with failed login attempts.

Clean and tidy logs help spot anomalies indicative of real attacks and not someone looking for open port 22 and hoping the combo root/root somehow works.

I don't think it's wise to change the port and consider things safe. All other security advice still applies however changing the default port in addition to locking down access seems like a wise decision to me.