possiblylinux127

XMPP kinda sucks

Always good advise

However, OpenSSH is pretty solid security wise. https://www.openssh.com/security.html

Note: it is best to check the official security pages instead of random websites.

This is security theater

Flaws in SSH do happen but they are very rare. The solution to this is defense in depth which is different than security by obscurity.

To expand on this a bit:

A lot of attacks are automated since the goal is to compromise as many hosts as possible. These hosts are then used in a botnet or sold to people on shader websites to use as proxies.

IP whitelists are not terribly secure and are quite a hassle.

Instead use a overlay VPN or some sort of extra security layer like mTLS or Authelia

With SSH it is easier to do key authentication. Certificate authentication is supported but it is a little more hassle. Don't use password authentication as it is deprecated and not secure.

The key with SSH (openssh specifically) is that it is heavily audited so it is unlikely to have any issues. The problem is when you start exposing self hosted services with lots of attack surface. You need to be very careful when exposing services as web services are very hard to secure and can be the source of a compromise that you may or may not be aware of.

It is much safer to use a overlay VPN or some other frontend for authentication like mTLS or an authenticated reverse proxy.