
Well, it avoids cluttering the auth logs of all the machines with failed ssh attempts, which is, from what I understand, the main benefit of moving the ssh port to a non-standard one.

As a side benefit, it also adds a real layer of security (i.e., you would have to find a vuln in both OpenSSH and OpenVPN, for example).

Key management for SSH can actually be pretty good; you can do pretty cool short-lived certificate authentication with SSH using HashiCorp Vault, for example. I would still not have my VMs have public IPs; it feels like asking for trouble, for no real benefit.


