Question about open ports

What’s up guys? Do you think it’s better to set my remote harvesters up via SSH forwarded ports, or to just use the Chia config method? I remember using the TLS certs to set everything up on the remote harvester, so I assume all of the traffic is encrypted. I’m just wondering if it would be better to keep this port on my router closed and just do everything via SSH? What do you think?

I opened the farmer port to the internet, no issues detected. Use allow rules for source ips, or SSH tunnels to be more secure though.