

MS Azure uses random SSH port for "defense in depth." - rootj
http://social.msdn.microsoft.com/Forums/en-US/WAVirtualMachinesforLinux/thread/c11f3cf0-3b99-4124-9777-c1551b69ed7d/

======
dekhn
Changing the SSH port from the default can be one part of a full defense
strategy. The term "defense in depth" means there is more than one defensive
mechanism, typically so that if a baddie is able to circumvent one mechanism,
they'll be trapped by another. In this case, moving the SSH port massively
reduces exposure to naive port scanners. I agree it's not a particularly
strong protection, but it's a practical one (at least until everybody does
this, at which point the cloud providers will just start adding port
knockers).

~~~
RodgerTheGreat
Indeed. Obscurity is not security, but it can act to harden and enhance any
_real_ security measures which are in place.

------
opdemand
I don't see the issue here. From
<http://en.wikipedia.org/wiki/Defense_in_depth_(computing)>:

> In terms of computer network defense, defense in depth measures should not
> only prevent security breaches, but also buy an organization time to detect
> and respond to an attack, thereby reducing and mitigating the consequences
> of a breach.

