You could use Tailscale just fine (ssh or full remote desktop). What you can do is to limit the access to that, only from specific IP(s) and users. For example you could use a specific VPN IP always to access your node. That way you limit drastically all possible intrusions. And if you travel a lot (so you will have a dynamic IP), using that VPN helps you also for many things.

But the general rule is to limit the times you were doing these remote maintenance.