
This won't give you much security (most of the entropy is in your password/keyfile), but it will greatly lower convenience, because you'd have to use `-p 2177` or put the port number in `$HOME/.ssh/config`.

Same goes for port-knocking.

Just throw in denyhosts/fail2ban, and follow simple rules (no root login, no password/keyboard-interactive logins, except possibly for a special emergency "oh-shit-i've-lost-my-keyfile" account with a secure passphrase and a non-dictionary username), and you'll be perfectly safe.
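An added example, not from either commenter, of the rules above as an sshd_config: keys only, no root, and a passphrase login allowed for one emergency account through a Match block, plus a small audit function that flags the weak global settings. The port, the file names and the account name `rescue-q7k` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a hardened sshd_config that follows the rules above
# (keys only, no root, passphrase login only for one emergency account) and a small audit
# function that flags the weak global settings. The file names and the account name
# "rescue-q7k" are assumptions for this demo.

# First occurrence of a directive wins in sshd_config, so report the first value found
# before any "Match" block; prints nothing when the directive is not set globally.
sshd_directive() {  # usage: sshd_directive FILE NAME
    awk -v name="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(name) { print tolower($2); exit }
    ' "$1"
}

# One line per weak global setting; silent when the config passes. An unset directive
# counts as weak, since the defaults (root via key, passwords on) are not what we want.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    [ "$(sshd_directive "$1" PermitRootLogin)" = "no" ] \
        || echo "PermitRootLogin should be no"
    [ "$(sshd_directive "$1" PasswordAuthentication)" = "no" ] \
        || echo "PasswordAuthentication should be no"
    # KbdInteractiveAuthentication was named ChallengeResponseAuthentication before OpenSSH 8.7.
    [ "$(sshd_directive "$1" KbdInteractiveAuthentication)" = "no" ] \
        || echo "KbdInteractiveAuthentication should be no"
}

# Constructed hardened config (server side). The Match block re-enables password login
# for the emergency account only, so the global "no" still covers every other user.
hardened=$(mktemp)
cat > "$hardened" <<'EOF'
Port 2177
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User rescue-q7k
    PasswordAuthentication yes
EOF

# Constructed weak config, the kind the audit should complain about.
weak=$(mktemp)
cat > "$weak" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
EOF

audit_sshd_config "$hardened"   # prints nothing
audit_sshd_config "$weak"       # prints three findings
```

On the client, a `Host` entry with `Port 2177` in `~/.ssh/config` removes the need for `-p 2177`. Where sshd is installed, `sshd -t -f "$hardened"` checks the syntax before deploying.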




You are right about the entropy in one sense. So against a determined attacker the port does not matter.

On the other hand, most drive-by attackers won't bother going for the other ports. Perhaps you can make some argument involving the probability/entropy/information of the attacks vs your defenses.



