I tried port 2222 for a while, but scans were still quite common on that port.

Plus, any unprivileged user can start a service on port 2222. Why trust connecting to that vs 22 which insures it was started by root?