> Scripts are not magic, they must be doing something
Not necessarily. Sometimes they just record potential targets for later manual probing. If the script doesn’t find what it’s looking for (in this example the default ssh port), your server is not recorded. That in itself is a win, even if it’s small.
> So what are you defending against?
It limits the number of people/processes trying to gain access to your server. Would you rather 10 people trying to get in, or 1?
> Those are much better addressed by other measures
Well, ya. Nobody is saying obscurity is the only security layer. You would need to secure it assuming the port is known. As an additional layer, only to (even slightly) reduce the number of potential threat actors, you change the port.
Not necessarily. Sometimes they just record potential targets for later manual probing. If the script doesn’t find what it’s looking for (in this example the default ssh port), your server is not recorded. That in itself is a win, even if it’s small.
> So what are you defending against?
It limits the number of people/processes trying to gain access to your server. Would you rather 10 people trying to get in, or 1?
> Those are much better addressed by other measures
Well, ya. Nobody is saying obscurity is the only security layer. You would need to secure it assuming the port is known. As an additional layer, only to (even slightly) reduce the number of potential threat actors, you change the port.