ssh is just about the most secure way you can provide access to a system. But even ssh is subject to attacks. You can reduce the likelihood of a breach even further with a few fairly simple steps. The specifics below are for Ubuntu 16.04, but the principles are the same for any modern Unix.
Someone just asked (on a network operators list!) whether
telnet had a vulnerability, because he knew of a switch that was on the Internet and accessible via
telnet… This was my response.