I think the reason they mentioned more complicated setups is because I'm using an actual old machine at home, and unless you know what you're doing, you don't want to expose it to the world.
I think poking a hole on port 22 is mostly ok if you only allow key authentication and no password authentication but I don't know enough to give advice on security.
I use a VPS with SSH. I have to ssh in, then I can ssh into the machine at home.
For safety, key authentication and fail2ban would cover a lot. I mainly have the 1 port.
If I need to expose another SSH port to the internet, I can do it, but yes, it would need extra protection since logs are coming from the machine ssh'ing in.
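Added example, not part of the thread: a check that a host really is key-only, as both comments above assume, by reading the effective settings that `sshd -T` prints. The function name and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Audit effective sshd settings for key-only login.
# Input on stdin: the "keyword value" lines printed by `sshd -T`
# (usually run as root). Returns 0 only if no password-style path remains.
audit_sshd_keyonly() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; bad = 1
            }
            # Keyboard-interactive (PAM) can still prompt for a password
            # when passwordauthentication is no. Older OpenSSH reports the
            # setting as challengeresponseauthentication.
            if ("kbdinteractiveauthentication" in seen)
                kbd = seen["kbdinteractiveauthentication"]
            else
                kbd = seen["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive is not no"; bad = 1
            }
            if (!bad) print "OK key-only authentication"
            exit bad
        }'
}

# Constructed sample: key-only host.
SAMPLE_GOOD='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam yes'

# Constructed sample: password auth "disabled", but PAM prompts remain.
SAMPLE_WEAK='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
usepam yes'

# Demo on the constructed samples; on a real host: sshd -T | audit_sshd_keyonly
printf '%s\n' "$SAMPLE_GOOD" | audit_sshd_keyonly || true
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_keyonly || true
```

A setting missing from the input is treated as a failure, which is the conservative reading; a full `sshd -T` dump always includes these keywords.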