I've noticed a lot of admins change the default SSH port. Is there any rational reason to do so?
SSH – Why Change Default SSH Port?
Related Solutions
It is not possible for them to simply hijack your connection and take over your PC simply because you used SSH to connect to their remote server. However, everything you do on that remote server can certainly be monitored. Any passwords you might type in through the remote SSH connection can be captured, but that's because you are sending that data to them, not because they are monitoring your home computer. If they hijack your PTS session, they can do nothing more than you can on their own remote server. It gains them nothing as they already have that much power over their own server. If they type exit, they will end your remote shell and you will be booted off, but they won't gain any control over your computer. That PTS session was on the remote computer and has nothing to do with any PTS sessions you might have on your home computer. There is always a chance there could be a security exploit in your SSH client that might give them some access to your machine, but if you keep your software reasonably up to date, it's extremely unlikely and I wouldn't worry about it.
With that said, there are ways to make your computer more vulnerable with SSH. If you enable certain types of forwarding, they might be able to use that against you. All forwarding is off by default. If you have agent forwarding enabled, they can use any private keys you have loaded in your agent on your home computer, but only while the SSH connection is established. An agent does not allow anyone to steal keys, but they can use them as long as you are forwarding it to their server. You should never enable agent forwarding to an untrusted computer. X11 forwarding can allow them to launch applications and even take control of your X session. OpenSSH, by default, does some filtering of the X11 protocol when forwarding (unless you have ForwardX11Trusted enabled) and so they can't take over complete control, but they can still load windows on your X session. Again, X11 forwarding needs to be used cautiously.
Best Answer
The most likely reason is to make it harder for people randomly trying to brute force any SSH login they can find. My internet-facing machine uses the default SSH port, and my logs used to be filled with stuff like this (excerpted from an actual log file):
These days I use DenyHosts to block IPs that fail to authenticate too many times, but it's probably just as easy to just switch ports; virtually all brute force attacks of this kind aren't going to bother scanning to see if your sshd is listening on another port, they'll just assume you're not running one and move on.
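The kind of per-source failure counting the answer relies on can be sketched as follows. This is an added example, not code from the post and not DenyHosts' own logic; the log lines are constructed, and the threshold of 3 and the reset on a successful login are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's sshd log format (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 host sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:06 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jan 10 03:12:09 host sshd[4105]: Failed password for invalid user test from 203.0.113.5 port 51302 ssh2
Jan 10 03:15:40 host sshd[4120]: Failed password for alice from 192.0.2.10 port 40022 ssh2
Jan 10 03:15:52 host sshd[4120]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Jan 10 03:20:11 host sshd[4131]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.7 port 60001 ssh2
"""

# The user name is text supplied by the remote side, so the source address is
# read from the fixed tail of the line, never from the first " from " match.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2")


def _addr(match):
    """Return the captured address if it parses as an IP, else None."""
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None


def failures_by_source(log_text):
    """Count failed password attempts per source IP; a successful login resets it."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and _addr(m):
            counts[_addr(m)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and _addr(m):
            counts.pop(_addr(m), None)  # assumed policy: a mistyped password is forgiven
    return counts


def sources_to_block(log_text, threshold=3):
    """Sources whose failure count reaches the (assumed) threshold."""
    return sorted(ip for ip, n in failures_by_source(log_text).items() if n >= threshold)
```

On the sample, only 203.0.113.5 crosses the threshold; the last line is attributed to 198.51.100.7 rather than to the address embedded in the user name, so an address that never connected is not blocked.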