Untitled

a guest
Sep 16th, 2019
Secure Shell (SSH) is a utility that gives you remote access to a shell (a system terminal) on a machine that is running an SSH server. Attacks based on the SSH protocol alone apply equally to UNIX and Microsoft Windows systems if they run the same SSH implementation (OpenSSH is the most common). Opening the standard SSH port on a router to reach a system running an SSH server, without any explicit whitelisting or blacklisting, will invite a great deal of malicious activity in the form of attempted logins using brute-force and dictionary attacks (often checking default system and service passwords).

The effectiveness of these attacks can be greatly diminished by a few methods. Not having the port open to begin with is, obviously, the best one. But if you do need to reach your system from both inside and outside your local network, whitelisting specific local addresses and the WAN addresses you connect from (home, work, etc.) while blocking everything else is an effective method. If you need to reach your system from varying, unpredictable IPs, you can install and configure Fail2Ban or equivalent software (unfortunately I don't know a popular Windows equivalent). Fail2Ban automatically bans an IP address for a specified period of time once it reaches a certain number of failed authentication (login) attempts. It can be hardened further by configuring it to use online blocklists such as badips.com and blocklist.de. You can also implement GeoIP-based blacklisting outside of Fail2Ban, which blocks all IPs within a certain country (for example, many suspicious attempts come from China, India, Russia, etc.), but of course if you travel to a country in that range you will be denied access.
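As an added example that is not part of the original paste, the following models the ban decision Fail2Ban makes for an sshd jail, run over constructed auth.log lines (documentation-range addresses, not real traffic): failures per source IP are counted within a sliding window and the IP is banned once the threshold is reached. The parameter names maxretry, findtime and bantime follow Fail2Ban's jail options; the parsing regex and the simplified model are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd entries as they appear in /var/log/auth.log.
SAMPLE_LOG = """\
Sep 16 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 51111 ssh2
Sep 16 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 51112 ssh2
Sep 16 10:00:05 host sshd[1003]: Failed password for invalid user pi from 203.0.113.7 port 51113 ssh2
Sep 16 10:00:09 host sshd[1004]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Sep 16 10:00:12 host sshd[1005]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Sep 16 10:00:20 host sshd[1006]: Failed password for root from 198.51.100.4 port 60000 ssh2
Sep 16 10:20:30 host sshd[1007]: Failed password for root from 198.51.100.4 port 60001 ssh2
Sep 16 10:40:40 host sshd[1008]: Failed password for root from 198.51.100.4 port 60002 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional because
# sshd words the line differently for unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def find_bans(log, maxretry=3, findtime=600, bantime=3600, year=2019):
    """Return {ip: ban_expiry} for every IP that reached maxretry failures
    within findtime seconds. Simplified model of a fail2ban sshd jail:
    syslog lines carry no year, so one is supplied for parsing."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    bans = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines never count
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        window = recent[ip]
        window.append(ts)
        # Expire failures older than findtime so slow, spread-out attempts
        # are not accumulated forever (the same behaviour findtime gives fail2ban).
        while window and (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in bans:
            bans[ip] = ts + timedelta(seconds=bantime)
    return bans
```

In the sample, 203.0.113.7 is banned after three failures in four seconds, while 198.51.100.4 also fails three times but spread over forty minutes, so with the default ten-minute findtime it is never banned; widening findtime to an hour catches it as well.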
SSH can also suffer from man-in-the-middle attacks. However, each installation of OpenSSH server generates a unique host key on the system, and its fingerprint can be used to identify that host. If you obtain this fingerprint directly from the intended destination system and record it, you can verify that you are indeed connecting to your intended server and not entering your username and password on a different system. When you first connect from a client to the destination server, the fingerprint is presented and you compare it against your record. If it has changed, it could mean that the SSH port has been forwarded to a different machine (maliciously or not), that the SSH server was reinstalled, or anything else that modifies the host key on the intended destination machine.

...You could also avoid using the standard SSH port. It could still be discovered and attacked, but on top of everything else that would be something of a curveball.