Not by itself, no. But if you also use CSF’s “Port Scan Tracking” feature on all the commonly-abused default ports (including those for other operating systems, like 3389 for Windows RDP), you at least stop the bots and script kiddies. (It may also be doable in fail2ban. I’m not familiar with fail2ban other than knowing that it exists.)
Agreed. But a lot of attackers (probably most) are dumb bots and random miscreants.
Another reason why CSF is a good tool. All you have to do is fill in the ports and protocols (in a GUI, mind you) to enable it. It’s configured, but not enabled, by default. There are reasons why @Ilia and I love CSF.
Maybe these and other SSH-hardening strategies (keys, authorized users, etc.) can be built into Virtualmin so they can be done from the GUI by less-sophisticated users. They’re really not all that hard to do from the terminal, but they carry the risk of users locking themselves and other authorized users out due to syntax errors and other dumb admin tricks.
Then again, if Virtualmin can modify those settings, then Virtualmin itself becomes a potential security risk. So maybe not.
EDIT: The other benefit to changing the service port is that it gives the SSH daemon a break. The failed logins reported by SSH are typically zero when it’s running on a non-standard port. They’ve all been swatted away by the firewall like so many flies.