Privileged ports can be used by processes that are running without root permissions. So if the sshd process would crash or stop for some other reason, any malicious user process could pretend to be the real ssh server without privilege escalation. To be fair this isn’t really a concern for single user systems. But setting up fail2ban or only making ssh accessible from a local network or VPN would probably be a more helpful hardenening step

And regarding port 2222 it is the most popular non-provileged port used for SSH according to shodan.io So you ain’t gaining much obscurity

Running SSH on a non-provileged port brings new issues. And using 2222 doesn’t bring any meaningful security by obscurity advantages.

The rest of the options look nice. It would have if there would be explanations on what the options do in the example configs

Luckily everyone on my field publishes their papers (preprint) on arxiv as well

The source code for it can be found on https://codeberg.org/wintermute/lemmymap/src/branch/development

But with Wintermute going missing and feddit.de shutting down is has been shut down as well.

Comp-ass

full source https://docs.google.com/document/d/1rTAVSRU60ScQnQADF2WRAPKQFWRfYxM1B-mZCC1B_SA/edit?pli=1&tab=t.0