...
Because of the efforts of the SSecure Shell programmers, the most common attach against systems that use secure shell is a dictionary attack. Hackers attempt to break in to the system by trying lists of usernames and passwords. Having EID based usernames help protect servers because they are not likely to be used elsewhere. Still it does make monitoring the system for security problems difficult because log files will be full of failed login attempts, and in one access to a system is failing even for legitimate users.
When the client contacts the server, it indicates that it wants to use the SSH service by specifying the well-known port number for the SSH protocol. This is port 22. Every Internet service has a well-known port number, but there is nothing says a service has to be made available at it's well-known port. By moving SSH to an alternate port, we can prevent these dictionary accounts. They would be required to scan the entire range of port numbers until they found the SSH service.