> That leaves noise in the logs - which sure, it's nice to reduce, but using an alternative port can help here.
No, it cannot. As a sysadmin I do not want to get into user training about telling people about alternative ports and tweaking their CLI habits and any scripts that they have.
If you want to further cut down on the log noise get an IPv6 address (and drop IPv4)—good luck to anyone trying to scan a /64 for open ports.
I can confirm this. I swapped one of my cloud VMs to IPv6-only SSH and after 11 months I have never seen a single IP besides mine attempt to log in. This was using the default port 22.
You can try, but a lot of ISPs assign a big subnet to each user. Mine for example assigns a /48 to each home user fiber connection.
Even if I make no effort at all to hide things and just select xxxx:xxxx:xxxx:1:: as the subnet (leaving a factor of 65535 options on the table), the devices behind it will randomize the next 64 bits, meaning you'll have to scan 18 quintillion (1.8e19) addresses to find one.