Password authentication is inherently insecure: given enough time a password can be cracked, and a password you use could be leaked. Many bots scan port 22 (SSH) on every IP address on the internet looking for default passwords and security holes.
The best way to enable SSH from the internet to the servers on your home network is to have a single SSH server that is accessible from the internet and use it to forward SSH connections into the internal network. This "SSH jump host" should be set up to allow only SSH key authentication, which is more secure than just a password.
We will also allow password authentication from internal IP addresses, so that people inside the network can copy SSH keys onto the server.
I am using this process to set up an "SSH jump host", but the same securing methods can be used on any server that is internet facing.
This guide uses Ubuntu Server 18.04, but the steps should be the same for any server running OpenSSH.
Install OpenSSH using:
sudo apt install openssh-server
Open up the file at /etc/ssh/sshd_config for editing using a text editor such as nano or vim.
Modify the file to either add the lines below or to amend the parameters in the file to the ones below. In this config file, a # at the start of a line is a comment and won't be read by OpenSSH.
PermitRootLogin no
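# RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.4 and later treat it as deprecated and ignore it.
RSAAuthentication yes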
PubkeyAuthentication yes
MaxAuthTries 5
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Enable password on LAN
Add these lines to the end of the config file. This will enable password login for anyone on a local IP address.
Change the IP subnet and mask so it is suitable for your network.
Match Address 192.168.0.0/16
PasswordAuthentication yes
Then restart the SSH server using this command:
sudo service ssh restart
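The Match block is the part of this config that is easiest to get wrong when you change the subnet, so the following added example (not part of the original guide) works out which settings apply to a given client address and checks that passwords are only accepted from the LAN. It is a simplified model that understands only "Match Address" with CIDR lists; the function names, the sample client addresses and the deliberately too-wide variant are assumptions made for illustration.

```python
import ipaddress

# Settings the guide sets to "no" for outside clients (OpenSSH's defaults are not "no").
REQUIRED_OUTSIDE = {"permitrootlogin": "no", "passwordauthentication": "no",
                    "challengeresponseauthentication": "no"}

def effective_settings(config_text, client_ip):
    """Keywords in effect for client_ip. Simplified model (assumption): only
    'Match Address <cidr,cidr>' is understood, without negated patterns."""
    addr = ipaddress.ip_address(client_ip)
    global_opts, match_opts = {}, {}
    target = global_opts  # dict that receives the keywords being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            nets = crit[1].split(",") if len(crit) == 2 and crit[0].lower() == "address" else []
            hit = any(addr in ipaddress.ip_network(n, strict=False) for n in nets)
            target = match_opts if hit else None  # skip blocks that do not apply
            continue
        if target is not None:
            target.setdefault(keyword, value)  # first value seen wins, as in sshd
    return {**global_opts, **match_opts}  # Match values override global ones

def audit(config_text, outside_ip="203.0.113.10", lan_ip="192.168.1.20"):
    """Return a list of findings; an empty list means the config behaves as intended."""
    findings = []
    outside = effective_settings(config_text, outside_ip)
    for key, want in REQUIRED_OUTSIDE.items():
        got = outside.get(key, "<default>")
        if got.lower() != want:
            findings.append(f"{key} is {got} for {outside_ip}, expected {want}")
    lan = effective_settings(config_text, lan_ip)
    if lan.get("passwordauthentication", "").lower() != "yes":
        findings.append(f"passwordauthentication is not yes for {lan_ip}")
    return findings

# The guide's settings, embedded inline, plus a constructed variant with a too-wide Match.
GUIDE_CONFIG = ("PermitRootLogin no\nRSAAuthentication yes\nPubkeyAuthentication yes\n"
                "MaxAuthTries 5\nChallengeResponseAuthentication no\nPasswordAuthentication no\n"
                "UsePAM no\nMatch Address 192.168.0.0/16\nPasswordAuthentication yes\n")
TOO_WIDE = GUIDE_CONFIG.replace("192.168.0.0/16", "0.0.0.0/0")

if __name__ == "__main__":
    print(audit(GUIDE_CONFIG), audit(TOO_WIDE))
```

On the server itself, `sudo sshd -t` checks the real file for syntax errors before you restart the service.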