Hello Dean, HamWAN operates entirely on a shared admin model. We have a few trusted people who we rely on to manage the infrastructure of the network. This *does* include every client modem, as if the infrastructure changes in the future (It will, I guarantee it) the admins can access the client modems and re-configure to match the changes. This also applies when talking about SSH ports, in that if every modem in the network is using an odd SSH port, it simply becomes unmanageable. We do recommend if it is your preference to add a firewall rule to limit SSH to the 44.0.0.0/8 subnet, which will effectively protect against scanners. (We also run a (reactive) script on our edge routers that blocks IPs that make scanning attempts against devices on the network.) Thanks, Nigel K7NVH