I have prevented password access and log in using the secret key.
The first two lines of the system status checks read:
SSH Login (ssh) is running but is not publicly accessible at my.public.ip.address:22
✓ SSH disallows password-based login.
I never understood why port 22 not being publicly accessible would be an error. Could be that MIAB normally runs on a VPS somewhere else, so you need to have access to port 22. But if you run MIAB on a private line in a DMZ behind your own firewall I do not want port 22 open.