
Don't do this. It adds almost no extra security and makes it hard for routers that prioritize port 22 traffic as interactive.



Sure, it'll not stop dedicated manual intrusion attempts, but it will actually prevent a ton of automated bots from even just trying to connect with common passwords through SSH.


Which is irrelevant if you have any one of: strong passwords, no passwords, fail2ban


Which is relevant if you're one to actually look at your login attempt logs.



2222 is a dumb choice as an alternative port, it's both obvious and quite commonly used. I'm using a port in the 4XXXX range that's normally not used for anything and therefore not scanned by the bots unless all 65536 ports are. The automated login attempts disappeared almost immediately, except for a few that were quickly blocked.

Now the logs are clean of automated login bots, the only thing left are real dedicated hacking attempts that are worth pursuing further.
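The triage the comment above describes (separate spray-style bot noise from the few sources worth a closer look) can be scripted over the sshd log. What follows is an added example, not code from the thread or from any project it mentions; the log lines are constructed to match OpenSSH's usual "Failed password" / "Accepted" message formats, and the threshold of three failures is an arbitrary assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd journal lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:05 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:09 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Mar  3 10:02:11 host sshd[1210]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar  3 10:02:40 host sshd[1211]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2: ED25519 SHA256:abc
Mar  3 10:03:00 host sshd[1220]: Invalid user oracle from 192.0.2.9 port 60000
Mar  3 10:03:01 host sshd[1221]: Failed password for invalid user oracle from 192.0.2.9 port 60000 ssh2
"""

# OpenSSH marks attempts against non-existent accounts with "invalid user".
FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+)")


def classify(log_text, spray_threshold=3):
    """Bucket each source IP by what the log shows about it.

    'spray'    : tried account names that don't exist, or reached spray_threshold
                 failures (typical of credential-stuffing bots)
    'targeted' : only failures against real accounts, below the threshold
                 (the kind of entry a human should actually read)

    Also returns the sources that logged in successfully after earlier
    failures, which deserve the first look regardless of bucket.
    """
    failures = Counter()
    invalid_users = defaultdict(set)
    real_users = defaultdict(set)
    accepted = defaultdict(list)

    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            (invalid_users if m["invalid"] else real_users)[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted[m["ip"]].append((m["user"], m["method"]))

    verdict = {}
    for ip, n in failures.items():
        if invalid_users[ip] or n >= spray_threshold:
            verdict[ip] = "spray"
        else:
            verdict[ip] = "targeted"

    success_after_failure = sorted(ip for ip in accepted if failures[ip] > 0)
    return verdict, dict(failures), success_after_failure


if __name__ == "__main__":
    verdict, failures, suspicious = classify(SAMPLE_LOG)
    for ip, bucket in sorted(verdict.items()):
        print(f"{ip:16} {bucket:9} failures={failures[ip]}")
    print("successful login after failures:", suspicious)
```

On the sample input the two sources that guessed non-existent usernames land in the spray bucket, while 198.51.100.20 (one failed password for a real account, then a key-based login) is the entry the commenter would want to investigate.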


It's what I do, you can't break in through a door that doesn't exist, only through those you know exist.


>Sure, it'll not stop dedicated manual intrusion attempts, but it will actually prevent a ton of automated bots

Doesn't take long to port scan a server.


Going back to the classics, is port knocking still a thing? (I've been out of this discussion for a while, serious question)


One of my freelance projects uses port knocking, but they're the only one I've worked with that has used it in recent years.
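For readers who, like the questioner above, have not looked at port knocking in a while, and in light of the "doesn't take long to port scan a server" objection, here is the core of a knock daemon as an added example (my own model of the technique, not knockd's code or anything from the thread). The knock sequence, time window and grace period are arbitrary assumptions; the events fed in are constructed (source IP, destination port, timestamp) tuples standing in for inbound SYNs.

```python
KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence, closed ports
KNOCK_WINDOW = 10.0                   # assumed seconds allowed for the whole sequence
OPEN_GRACE = 30.0                     # assumed seconds the SSH port stays open afterwards


class KnockTracker:
    """Per-source progress through the knock sequence.

    A knock on the wrong port resets that source, which is why a scanner
    sweeping ports in order never completes the sequence: it hits 7001 right
    after 7000.
    """

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}   # src_ip -> (index of next expected knock, time of first knock)
        self.opened = {}     # src_ip -> time the sequence was completed

    def observe(self, src_ip, dst_port, ts):
        """Feed one inbound SYN. Returns True when src_ip just completed the sequence."""
        idx, start = self.progress.get(src_ip, (0, None))
        if idx > 0 and ts - start > self.window:
            idx, start = 0, None                 # too slow: start over
        if dst_port == self.sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
        elif dst_port == self.sequence[0]:
            idx, start = 1, ts                   # wrong port, but a valid fresh first knock
        else:
            idx, start = 0, None                 # wrong port: reset
        if idx == len(self.sequence):
            self.opened[src_ip] = ts
            self.progress.pop(src_ip, None)
            return True
        self.progress[src_ip] = (idx, start)
        return False

    def is_open(self, src_ip, ts, grace=OPEN_GRACE):
        """Whether the SSH port should accept a connection from src_ip at time ts."""
        opened = self.opened.get(src_ip)
        return opened is not None and ts - opened <= grace


def sequential_scan_opens(tracker, src_ip, first_port, last_port):
    """Simulate a port scanner sweeping first_port..last_port in order; True if it ever opens."""
    return any(tracker.observe(src_ip, p, p / 1000.0) for p in range(first_port, last_port + 1))


if __name__ == "__main__":
    t = KnockTracker()
    for port, ts in ((7000, 0.0), (8000, 1.0), (9000, 2.0)):   # constructed legitimate knocks
        print(f"knock {port} at {ts}: completed={t.observe('10.0.0.1', port, ts)}")
    print("ssh open for 10.0.0.1 at t=5:", t.is_open("10.0.0.1", 5.0))
    print("sweep 6990-9010 opened:", sequential_scan_opens(KnockTracker(), "10.0.0.2", 6990, 9010))
```

In a real deployment the tracker would be fed from a packet capture or firewall log and `is_open` would translate into inserting and later removing a firewall accept rule; the model above only shows the decision logic and the reset-on-wrong-port behaviour that defeats a straightforward sweep.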


Guess I'm going back to port 22...


I'm convinced too. Back to 22 we go.



