Security through obscurity is generally a bad idea. The author proposes using ipv6 addresses because... the address is harder to guess? They don't want to patch vulns so they're scared of being scanned?<p>You shouldn't be using password auth in a public-facing ssh server anyway (use keys!) but if you are, fail2ban is good for locking out brute force attempts. You can also use iptables to restrict access to just certain IPs/subnets. Alternatively, run your own mesh VPN with tinc and configure sshd to only listen on the vpn address (this is the best solution).<p>Non-standard ssh ports are also an option, but keep in mind using unprivileged ports (>1024) opens other attack vectors so you probably shouldn't.