Back in December, I mentioned some tips and pointers on how to hide an SSH server’s world-accessible port inside a Wireguard tunnel (so that without an established Wireguard tunnel, the SSH server can’t be remotely accessed):