Disabling password authentication and allowing only public keys will absolutely prevent any brute force user/password attacks from working. The logs will still be flooded though in the default configuration.
Easiest way to change the port exposed to the internet is to change it in the router port forward settings and leave it set to 22 in OMV if the router will allow the ports to be different.
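An added example, not part of the original post: a small audit of `sshd_config` text that reports whether password guessing is still possible after the change described above. The function names and sample configs are constructed for illustration, and `Include` files are not followed.

```python
import re

# OpenSSH defaults used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(config_text):
    """Return (global settings, Match-block overrides) for the auth keywords."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = val          # block runs until the next Match or EOF
            continue
        key = ALIASES.get(key, key)
        if key not in DEFAULTS:
            continue
        if match is None:
            seen.setdefault(key, val)   # sshd keeps the FIRST value it reads
        else:
            overrides.append((match, key, val))
    return {**DEFAULTS, **seen}, overrides

def audit(config_text):
    """List reasons password guessing is still possible or keys are unusable."""
    eff, overrides = parse(config_text)
    issues = [f"global {k} = yes" for k in
              ("passwordauthentication", "kbdinteractiveauthentication")
              if eff[k] == "yes"]
    if eff["pubkeyauthentication"] != "yes":
        issues.append("global pubkeyauthentication is off")
    issues += [f"Match {m}: {k} = yes" for m, k, v in overrides
               if v == "yes" and k != "pubkeyauthentication"]
    return issues

# Constructed sample configs (not taken from any real host).
DEFAULT_LIKE = "#PasswordAuthentication yes\nPubkeyAuthentication yes\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\nPasswordAuthentication yes\n")
WITH_MATCH = HARDENED + "Match User backup\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in [("default-like", DEFAULT_LIKE), ("hardened", HARDENED),
                      ("with-match", WITH_MATCH)]:
        print(name, audit(cfg) or "key-only")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check.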
Yeah... On my laptop (at home)... I installed a terminal app that points at my server and using a public key (although I've not disabled password auth)... then put a link to that terminal in my panel. Now I just click that terminal, and I'm logged in to my server via SSH (as a user). I do this more for ease of use, as port 22 is not open.
For remote SSH access... I reverse proxy'd a wetty container. When I go to the URL, it requires a username and password. Would that be vulnerable to a brute force? I've never really thought about it, but I've never seen anything weird in my logs. Just always assumed it was safe as it used SSL.