My assumption is that if @antonis is helping some other user and clearly he understands the options being presented, he can assess what is appropriate security, and what is not, and how long the port should be open for, etc.
I monitor my network fairly closely. Based on that monitoring, if you open SSH on a random port (not on port 22) then you don’t get a lot of attacks (in fact none or close to none) and the assumption is that passwords are strong, so that is a second line of defense.
Also, the default Linux SSH server allows you to specify which users are permitted to use remote access (so you could completely deny the inexperienced user remote access if you are concerned that the user will not keep a strong password).
At the end of the day, a network with an open port is very likely to be less secure than the same network without an open port. That can’t be denied.
I periodically scan my network from the internet, looking for open ports, in case there is something that has been inadvertently left open for longer than it needed to be.
One comment though:
That is IPv4 only. Once we get to IPv6 (I have dual stack) - and I assume that one day IPv6 will be unavoidable for everyone - you can’t rely on a “private network” for “security” any more, so you need to be more focused on what you are actually blocking at the gateway and what your actual configuration is for what you are allowing. In some ways, I don’t mind that, i.e. being forced to be more explicit about what is supposed to be allowed and everything else is not supposed to be allowed.
(There are exotic alternatives if a user doesn’t want to face the full reality of an IPv6 world.)
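
The SSH settings mentioned in the post above (a non-default port, reliance on strong passwords, and limiting which users may log in remotely) can be checked against a server's `sshd_config`. This is an added example, not part of the original post: the sample config, port number and user names are constructed, and the function names `parse_global` and `audit` are hypothetical. It reads only the global section and does not follow `Include` files.

```python
import re

# Constructed sample config (not from the original post).
SAMPLE_CONFIG = """\
Port 48222
PasswordAuthentication yes
AllowUsers alice
# sshd keeps the FIRST value of a single-valued keyword, so this line has no effect:
PasswordAuthentication no
Match Address 192.168.0.0/16
    AllowUsers alice bob
"""

MULTI = {"port", "allowusers"}  # keywords that accumulate across lines

def parse_global(text):
    """Return keyword -> argument list for the section before the first Match."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Port 22" or "Port=22"
        key = parts[0].lower()                         # keywords are case-insensitive
        args = parts[1].split() if len(parts) > 1 else []
        if key == "match":
            break                                      # conditional blocks are not global
        if key in MULTI:
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, args)             # first occurrence wins
    return settings

def audit(text):
    s = parse_global(text)
    ports = [int(p) for p in s.get("port") or ["22"]]  # sshd default port is 22
    password = (s.get("passwordauthentication") or ["yes"])[0].lower() == "yes"
    allow = s.get("allowusers", [])
    findings = []
    if 22 in ports:
        findings.append("listens on default port 22")
    if password:
        findings.append("password logins enabled: each permitted account needs a strong password")
    if not allow:
        findings.append("no AllowUsers list: remote login is not limited to named users")
    return {"ports": ports, "password_auth": password,
            "allow_users": allow, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.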