"You need to have your SSH port exposed to the public internet"
There's never a legitimate reason to expose the SSH port to the public.
If you do, this vulnerability isn't your only problem.
Discussion
It doesn’t matter if your ssh port is public available or not, your system becomes vulnerable with this CVE.