
Relying on security through obscurity alone is a terrible idea, but there is absolutely a place for it. Most of us do not specifically get targeted, but will be affected by automated attacks that look at a large block of IPs.



Yeah, just moving your SSH daemon from port 22 to some other port number alone can help with that.


We have continuous distributed dictionary attacks on our SSH servers, with attempts from literally thousands of IP addresses at a cadence designed not to trigger rate alerts.

We moved from port 22, and within days all ports were scanned and the attacks started again on the new port.

We are working on a different scheme to thwart the attackers.


I faced a similar issue with tens of thousands of login attempts from dozens of unique IPs daily on my server. Moving from 22 helped with some of the traffic but not all. Port knocking, however, did stop anyone from ever even reaching the right combination, and there have been no login attempts since.


You could generate a random sequence to determine which port to open on any given day.
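Port knocking as the two comments above describe it, written as an added example (not code any commenter posted): a per-source knock state machine that only opens SSH to a source that hits the sequence in order within a time window, plus a knock sequence derived daily from a shared secret as the last comment suggests. The secret, ports and IPs are constructed; the firewall action is left as a returned flag rather than an iptables call.

```python
import hmac
import hashlib
from datetime import date


def daily_sequence(secret, day, length=3):
    """Derive the day's knock sequence from HMAC(secret, date) so both sides
    can compute it without exchanging anything; ports land in 1024..65535."""
    digest = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()
    return [1024 + int.from_bytes(digest[2 * i:2 * i + 2], "big") % (65536 - 1024)
            for i in range(length)]


class KnockTracker:
    """Tracks how far each source IP has progressed through the knock sequence."""

    def __init__(self, sequence, window=10.0):
        self.sequence = list(sequence)
        self.window = window          # seconds allowed between consecutive knocks
        self.state = {}               # src_ip -> (next_index, time_of_last_good_knock)
        self.opened = set()           # sources that completed the sequence

    def knock(self, src_ip, port, now):
        """Feed one observed SYN to a closed port. Returns True when src_ip
        has just completed the sequence and should be granted SSH access."""
        idx, last = self.state.get(src_ip, (0, now))
        if now - last > self.window:  # too slow: start over from the first knock
            idx = 0
        if port != self.sequence[idx]:
            # Any out-of-sequence port resets progress. A linear port sweep hits
            # other ports between the knock ports, so it never completes.
            self.state.pop(src_ip, None)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.opened.add(src_ip)
            self.state.pop(src_ip, None)
            return True
        self.state[src_ip] = (idx, now)
        return False


if __name__ == "__main__":
    seq = daily_sequence(b"constructed-shared-secret", date.today())
    t = KnockTracker(seq)
    for i, p in enumerate(seq):
        print(p, t.knock("192.0.2.10", p, float(i)))
```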


Port knocking, huh?



