> Typically you want to know who is connecting to what server via what service and log these connections. If something is off, an alert can be generated. If ssh isn't served on a standardized port, logging and alerting become more complicated - albeit not impossible.
Could you elaborate on that? I serve ssh on a non-standard port precisely in part because it drastically cut down on the noise of failed log-ins, to the point where when I check the logs I'm almost the only one who actually bothers to try to log in via that port. That seems like a win to me.
Not the OP but I assume what they mean is that if you have network-wide monitoring across a network with lots of servers then it won't be able to easily make sense of what is happening if servers are all using non-standard ports for things.