this can be fixed by just using random ssh port

all my services are always exposed for convenience but never on a standard port (except http)

It reduces the noise, yes, but doesn't stop a determined attacker.

After managing a fleet for a long time, I'd never do that. Tailscale or any other VPN is mandatory for me to be able to access "login" ports.