What makes you sure that the daemon listening on port 22 is a 'true and sanctioned sshd'?
Because it uses a port under 22? If you fear that a port of your server listens on any unprivileged port, then you have far more problems with that box than the sshd.
_If_ a port is opened by a user that emulates the sshd daemon to grab your passwords, that means that:
a) this is the usual port you use for ssh
b) your box is hacked, and the real sshd daemon that usually would listen at this high port is replaced by something else. That means somebody has root access to that box (the sshd has to be killed for that) - big big OUCH
c) your box isn't hacked but you have some non-trustworthy people with access to that box, who use some exploits for rights traversal
All in all I would say, constructing a security issue out of using a non-standard ssh port is academic. If that could be abused you have far more problems on your system than that changed ssh port. On our production servers I use the following:
1. ssh access with keywords is disabled
2. ssh access for root is not allowed
3. ssh access is allowed from one trusted IP address only
4. restrict users with access to ssh to only the needed ones
5. users with git access get as shell '/usr/bin/git-shell'
optional: If you're paranoid like me and like some technical baublery, you do step 3 this way: users have a VPN to the server with the trusted IP
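As an added illustration of the five settings listed in this comment (not the commenter's own files), here is a POSIX shell script that audits a constructed sshd_config and passwd sample for them. It assumes step 1 refers to password authentication, that the trusted-address restriction is expressed with sshd's `user@host` form of `AllowUsers` rather than a firewall rule, and that the git account is named `git`; the address 203.0.113.10 is a placeholder.

```shell
#!/bin/sh
# Constructed sample inputs (not from any real server): a hardened sshd_config,
# a weak one, and two passwd entries. The keywords are real sshd_config options;
# the user name "git" and the address 203.0.113.10 are assumptions.
HARDENED_CONFIG='Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers deploy@203.0.113.10 git@203.0.113.10
Match User git
    ForceCommand /usr/bin/git-shell'
WEAK_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
git:x:1002:1002:git repos:/srv/git:/usr/bin/git-shell'

# sshd_value CONFIG KEYWORD: the keyword's value(s) from the global section.
# sshd honours the first occurrence, and lines after "Match" belong to that block.
sshd_value() {
  printf '%s\n' "$1" | awk -v key="$2" '
    tolower($1) == "match" { inmatch = 1 }
    !inmatch && tolower($1) == tolower(key) { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
}

# login_shell PASSWD USER: the login shell field of USER.
login_shell() {
  printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7; exit }'
}

# audit_sshd CONFIG PASSWD: prints each failed check, returns the failure count.
audit_sshd() {
  fails=0
  # 1. no password logins (absent means the sshd default "yes", so absent also fails)
  [ "$(sshd_value "$1" PasswordAuthentication)" = no ] || { echo "FAIL: PasswordAuthentication"; fails=$((fails + 1)); }
  # 2. no root logins
  [ "$(sshd_value "$1" PermitRootLogin)" = no ] || { echo "FAIL: PermitRootLogin"; fails=$((fails + 1)); }
  # 3+4. an explicit allow-list, every entry pinned to a source address (user@host form)
  users=$(sshd_value "$1" AllowUsers)
  [ -n "$users" ] || { echo "FAIL: AllowUsers missing"; fails=$((fails + 1)); }
  for u in $users; do
    case $u in *@*) ;; *) echo "FAIL: $u not pinned to a source address"; fails=$((fails + 1));; esac
  done
  # 5. the git user's login shell is git-shell (lives in passwd, not in sshd_config)
  [ "$(login_shell "$2" git)" = /usr/bin/git-shell ] || { echo "FAIL: git shell"; fails=$((fails + 1)); }
  return $fails
}

audit_sshd "$HARDENED_CONFIG" "$SAMPLE_PASSWD" && echo "hardened config: OK"
audit_sshd "$WEAK_CONFIG" "$SAMPLE_PASSWD" || echo "weak config: $? problems"
```

On a live host the same checks can be run against `sshd -T` output, which prints the effective configuration after defaults and Match blocks are resolved.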