true enough... the fail2ban messages are bad enough without running SSH on port 22... on the flip side, it sucks in other ways if you want to use SSH for something that isn't complete host access (terminal based BBS for instance).