Hi,
before I change and run into troubles: is it possible to change the SSH port and deny root-login for security reasons or does anything internal (sync cluster for example) depend on it?
It is your opinion. We can see millions of brute & forces per day - and do you know if everybody has a "good" password? Atleast it doesnt DEcrease security ...
Disallow direct root - login maybe one of the basic things one should do on machines reachable public. Well, everybody has its own opinion / experiences ... therefor i asked.
Maybe it would be an idea for the future, that the system uses another user to connect the nodes?
Use fail2ban, firewalling, proper sshd_config (root only from certain ips) settings and better authentication methods to increase security.
If you just change a port the brute-force attacks will continue on the other port.
