On Sat, Aug 04, 2012 at 02:37:54AM -0500, Johnny Hughes wrote:
> Moving the port to a non-standard port is better than nothing ... but
> only by a very slight bit. It might work on the least knowledgeable
> script kiddies who only look at port 22, but it will do nothing to hide
> the fact that it is an open to the world ssh port on an nmap scan, etc.

Depends on what problem you're trying to solve...

If you're being targeted by an attacker then, yes, a port scan will
expose the port anyway.

BUT if you're just seeing random internet noise then simply changing the
port will stop this because your random zombie doesn't port scan
beforehand (it takes too long, especially if you DROP traffic to all
other ports).

This means that you're not wasting CPU cycles negotiating SSL; you're not
wasting disk space on logs, CPU on fail2ban or similar, resources on
accepting connections etc etc.

Since I moved my port a year ago the number of random attacks on my host
has dropped to zero.

It's a very very small win, but it is a win :-)

--
rgds
Stephen