Is it safe to use SSH via Diode on the public Internet?
Although it is the safest to not expose any surface at all to the Internet, SSH can be one of the safest interfaces to expose - it is made for that purpose. There are many articles on the Internet, such as this one from RedHat, that describe some things you can do to make your SSH setup as secure as possible.
The SSH example in the Diode docs uses "publish -public" to allow remote SSH into a computer:
diode publish -public 22:22
If you want to further secure your system, you can publish your SSH port as private
(only the specific client can gain access) or protected
(only other clients listed in your Fleet Contract can gain access).