His argument is essentially that people are not toxic enough in online meetings to innovate.

Public key auth, and fail2ban on an extremely strict mode with scaling bantime works well enough for me to leave 22 open.

Fail2ban will ban people for even checking if the port is open.