Hacker News

But here's the point: Do you want people to spend their 10 minutes picking good passwords or setting up public key auth, or should they spend them switching their server to port 24? Security BY obscurity is bad, as the article states, and unless you have infinite resources everything is a trade-off.



That's a false choice. No competent sysadmin is going to say "well, I was going to set up a public key but I spent all my time changing the SSH port number, so screw it".

Also, when securing a box with public key encryption you should be configuring sshd to disable password authentication and disable root login. Editing an extra line in the config file isn't going to throw off your schedule.


You're talking about 10 minutes for a simple way to filter 18,000 attempts down to 5.

Security, like everything else out there, should be prioritized according to ROI. This is a pretty good ROI...maybe not better than picking good passwords, but definitely better than many practices that IT departments advocate.


It shouldn't even take 10 seconds to `sed -i -E 's/^#?Port 22$/Port 24/' /etc/ssh/sshd_config; systemctl restart sshd` to do this.
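The sed one-liner above, and the earlier comment's point about also disabling password authentication and root login, both amount to editing a handful of `sshd_config` directives. The stock file ships most of them commented out (`#Port 22`, `#PermitRootLogin prohibit-password`), so a naive `s/22/24/` leaves the port commented and unchanged. The script below is an added example, not code from the thread: it rewrites a directive whether it is present, commented out, or missing, and is idempotent. The function names, the sample config and the port number 24 are this example's own choices.

```shell
#!/bin/sh
# Added example: set an sshd_config directive idempotently.
# Handles "Key val", "#Key val", "# Key val" and a missing key.
# Assumes the directive's first occurrence is above any "Match" block
# (sshd takes the first value it sees for each keyword).
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            # strip leading blanks and an optional comment marker
            sub(/^[ \t]*#?[ \t]*/, "", line)
            split(line, f, /[ \t=]+/)
            # sshd keywords are case-insensitive
            if (!done && tolower(f[1]) == tolower(key)) {
                print key " " value
                done = 1
                next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
}

# Effective value of a directive: first uncommented occurrence, as sshd reads it.
get_sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Move the port and switch to key-only auth with no root login.
harden_sshd_config() {
    cfg=$1 port=$2
    set_sshd_option "$cfg" Port "$port"
    set_sshd_option "$cfg" PasswordAuthentication no
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PubkeyAuthentication yes
}

# Demo on a constructed sample that mimics a stock Debian-style file
# (everything commented out except one explicit directive).
demo=$(mktemp)
printf '%s\n' \
    'Include /etc/ssh/sshd_config.d/*.conf' \
    '#Port 22' \
    '#AddressFamily any' \
    '# PermitRootLogin prohibit-password' \
    'PasswordAuthentication yes' > "$demo"
harden_sshd_config "$demo" 24
cat "$demo"
rm -f "$demo"
```

Two practitioner checks before restarting: run `sshd -t` to validate the file, then `sshd -T | grep -iE '^(port|passwordauthentication|permitrootlogin) '` to see the values sshd will actually use. The second matters because sshd keeps the first value of each keyword, so a drop-in under an `Include` that precedes your edit (cloud images often ship one) silently wins. On distributions that socket-activate sshd via `ssh.socket`, the listening port comes from the socket unit rather than `sshd_config`, so restarting the service alone will not move it.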


I don't think I advocated changing the port as higher priority than more important measures.


If you rely on logging as a “high priority” in your security architecture, then it follows that reducing noise is of parallel importance.

Personally, this is why I change SSH ports every time on a public service and add extra firewall rules if possible. If for some reason I want to watch port 22 “attacks”, I can do so.

I’m not even sure I place this in the security OR obscurity categories at this point ... more of a disk hygiene issue.



