A few years ago a vulnerable compression library almost got pushed out that major Linux distros linked their OpenSSH implementations to. That was caught by blind luck. I'm confident there's a lot more shit out there that we don't know about.

> This is just FUD.

No, it's just opsec.

> Sure, scanners will keep pinging it, but nobody is ever going to burn an ssh 0day on your home server.

I wouldn't be so sure about it, considering the things I have seen.

I'd better be safe than sorry. You can expose your SSH if you prefer to do so. Just don't connect your server to my network.

"opsec" includes well defined things like threat modeling, risk factors, and such. "Things I have seen" and vague "better safe than sorry" is not part of that.

There are two golden rules of opsec:

    1. Never tell everything you know and seen.
    2. 

For what I do, you can refer to my profile.