Here's an interesting thought. There's a UNIX security measure that dates back to old UNIXes: only root can listen on <1024 ports. That's why all old-school services listen on <1024 ports: some random user running software on your machine can't intercept that port.
People changing the ssh port to a >1024 port actually reduce the security of their systems.
Yes, the client will notice that the server fingerprint changed. So the question is, how many people will ignore that notice and still enter their password? SSH is good software in that regard, as it allows clients to notice that the server changed, but it's still an attack vector, one you should not just dismiss.
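A way to audit a host for the condition described above, as an added example that is not part of the original comment: it lists the ports an `sshd_config` selects and flags those at or above the kernel's unprivileged-port threshold. It assumes Linux, where that threshold is exposed as `net.ipv4.ip_unprivileged_port_start`; the function names and the sample config are made up for illustration.

```python
import re

UNPRIV_SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux only
# Constructed sample sshd_config, not taken from any real host.
SAMPLE_CONFIG = """\
# Port 9999
Port 2222
port=22
ListenAddress 0.0.0.0
ListenAddress [::1]:8022
"""

def sshd_ports(config_text):
    """Ports sshd would listen on, from Port and ListenAddress directives."""
    port_opts, explicit, listen_seen, bare_listen = set(), set(), False, False
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2 or not parts[1]:
            continue
        key, value = parts[0].lower(), parts[1].split()[0]
        if key == "port" and value.isdigit():
            port_opts.add(int(value))
        elif key == "listenaddress":
            listen_seen = True
            # Explicit-port forms: host:port, 1.2.3.4:port, [addr]:port
            m = re.fullmatch(r"(?:\[[^\]]+\]|[^:\[\]]+):(\d+)", value)
            if m:
                explicit.add(int(m.group(1)))
            else:
                bare_listen = True
    # Addresses without a port (or no ListenAddress at all) use Port, default 22.
    if bare_listen or not listen_seen:
        explicit |= port_opts or {22}
    return sorted(explicit)

def unprivileged_port_start(path=UNPRIV_SYSCTL):
    """Lowest port a non-root user may bind; 1024 if the sysctl is unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024

def bindable_without_root(ports, threshold=1024):
    """Subset of ports any local user could bind if sshd is not holding them."""
    return [p for p in ports if p >= threshold]

if __name__ == "__main__":
    ports = sshd_ports(SAMPLE_CONFIG)
    exposed = bindable_without_root(ports, unprivileged_port_start())
    print("sshd ports:", ports, "| bindable by unprivileged users:", exposed)
```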