I ran a lynis audit system on a reasonably fresh ubuntu 18.04 instance, and one of the more intriguing suggestions it made was:
    Test: Checking Port in /tmp/lynis.AT7qAndGzq
    Result: Option Port found
    Result: Option Port value is 22
    Result: SSH option Port is in a weak configuration state and should be fixed
    Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:Port (22 --> )] [solution:-]
I tried, but failed, to imagine the rationale behind this suggestion. I'm not even sure about what it means... Does it want me to disable sshd altogether? That doesn't sound like a fine idea to me, though. If not, what does it mean, and how is it supposed to "harden the server's SSH configuration"?
The information at https://cisofy.com/lynis/controls/SSH-7408/ is short on details, and I also tried checking the source on GitHub looking for an answer, but became none the wiser.
If you can radically reduce the number of unauthorized attempts to log in via ssh, you can employ better monitoring. Just moving the port already succeeds in doing so - few unattended attacks even bother with ports other than 22 and 2222.
Lynis is suggesting to move the port - neither that nor employing something more complicated like port knocking directly impacts your security. But it allows you to see active & determined attackers stand out, as opposed to the default where traces of reconnaissance operations are drowned in an ocean of botnets trying to log in with common credentials.
I do not recommend doing this - most likely the extra time for configuring each client to deal with the moved port (or troubleshooting mistakes in doing so) could be used for something more helpful for both system stability and security. You probably do not need to consider this any further unless/until you have such high-sensitivity + high-maintenance security monitoring in place.
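As an added example, not part of the question or the answer above, the kind of monitoring the answer has in mind: a small Python script that summarises sshd authentication outcomes per source address, so that a source guessing many usernames (or one that succeeds right after failing) stands out from the rest. It assumes the line format sshd writes to /var/log/auth.log on Ubuntu; the log lines embedded below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format sshd writes to /var/log/auth.log on Ubuntu.
SAMPLE_LOG = """\
Jun  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Jun  3 10:01:14 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 41030 ssh2
Jun  3 10:01:15 host sshd[1205]: Failed password for root from 203.0.113.5 port 41041 ssh2
Jun  3 10:02:40 host sshd[1210]: Accepted publickey for alice from 198.51.100.7 port 50212 ssh2: RSA SHA256:...
Jun  3 10:05:02 host sshd[1222]: Failed password for alice from 192.0.2.9 port 38811 ssh2
Jun  3 10:05:20 host sshd[1226]: Accepted password for alice from 192.0.2.9 port 38813 ssh2
"""

# One pattern for both outcomes; "invalid user " only appears in failure lines.
EVENT_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarise(log_text):
    """Per source address: failed-login count, usernames tried, successful logins."""
    summary = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not an auth outcome line (e.g. session open/close)
        entry = summary[m["ip"]]
        if m["outcome"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
        else:
            entry["accepted"].append((m["user"], m["method"]))
    return dict(summary)

def suspicious(summary, min_failures=3):
    """Sources that failed repeatedly or tried several usernames (credential
    guessing), and sources that succeeded after failing (worth a closer look)."""
    return sorted(
        ip for ip, s in summary.items()
        if s["failures"] >= min_failures or len(s["users"]) >= 2
        or (s["failures"] and s["accepted"])
    )

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    for ip in sorted(s):
        print(ip, s[ip])
    print("suspicious:", suspicious(s))
```

On a real host, feed it the output of `grep sshd /var/log/auth.log` and raise `min_failures` to suit the volume of noise the port still attracts.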