This is the method I use. I just don't forward the port at the router.If you are talking about your own local home lan, you should be fine because for an external internet source to get to your ssh port on a machine on your home lan you would need to setup port forwarding in your ISP router.
Port forwarding ssh is incredibly dangerous. Install a vpn. (SoftEther, OpenVPN, or Pritunl or something)This is the method I use. I just don't forward the port at the router.
It's definitely the lazy method and probably not the greatest idea if there's any chance of someone malicious being on the same LAN.