The answer for local and internet access is the same.
In my opinion, do not allow direct root login to the server; this is the same for local or internet access.
On the internet you have more risks than on a local network.
Always use the private/public key concept!
Check for other security concepts!
Check this post also:
@Todd A. Jacobs
You should also consider the security trade-offs inherent in any control you decide on. All controls require trade-offs in architectural and system security, as well as convenience and usability. Controls around SSH are no different in that regard.
Create a non-root user for the access.
You can also jail this user, to limit what he can do.
Another question is what you want to do on the remote machine.
You can restrict/jail commands too, so you can do only a few things.
And you can create different users for different actions/commands on the remote machine.
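
The points above (no direct root login, key-only logins, a jailed or command-restricted non-root user) can be checked against an `sshd_config` with a short script. This is an added example, not part of the original answer; the function names, the user `backup` and the jail path are hypothetical, and both sample configs are constructed.

```shell
#!/bin/sh
# Added example. Checks an sshd_config against the advice above.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# Effective global value of keyword $2 in file $1; $3 is the OpenSSH default.
sshd_global() {
  awk -v key="$2" -v def="$3" '
    BEGIN { key = tolower(key); val = def }
    $1 ~ /^#/ { next }                       # comment line
    tolower($1) == "match" { exit }          # global section ends here
    tolower($1) == key && !seen { val = tolower($2); seen = 1 }
    END { print val }' "$1"
}

# Users whose "Match User" block jails them or pins them to one command.
sshd_restricted_users() {
  awk '
    $1 ~ /^#/ { next }
    tolower($1) == "match" { user = (tolower($2) == "user") ? $3 : ""; next }
    user != "" && tolower($1) ~ /^(forcecommand|chrootdirectory)$/ { print user }
  ' "$1" | sort -u
}

audit_sshd() {
  rc=0
  [ "$(sshd_global "$1" PermitRootLogin prohibit-password)" = "no" ] ||
    { echo "FAIL: direct root login is not disabled"; rc=1; }
  [ "$(sshd_global "$1" PasswordAuthentication yes)" = "no" ] ||
    { echo "FAIL: password logins allowed, not key-only"; rc=1; }
  [ -n "$(sshd_restricted_users "$1")" ] ||
    echo "WARN: no jailed or command-restricted user defined"
  return "$rc"
}

# Constructed sample configs; the user name "backup" and the path are hypothetical.
WEAK=$(mktemp); HARD=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$WEAK"
cat > "$HARD" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    ChrootDirectory /srv/jail/backup
    ForceCommand internal-sftp
EOF

echo "weak:";     audit_sshd "$WEAK" || true
echo "hardened:"; audit_sshd "$HARD" && echo "OK"
```

The script only reads the file it is given; on a live host, `sshd -T` prints the effective settings including compiled-in defaults and is the authoritative check.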