Im also concerned that its could be a security issue. Before the recent reinstall there were logs which showed numerous failed login attempts from randoms ips, hundreds of them presumably some sort of bot or something and I wasnt worrying about it becuase it was as secure as I needed it to be.
However now i see very little in the way of logging about failed ssh attempts (which i dont believe stopped) which leads me to believe that this may have been something i did on the last install which i cant really remember now. I have hazy recollections about trying to secure the pi a bit more with a firewall or ssh rejection after 3 attempts or something.
After a bit of googling i recall stuff about fail2ban which will block too many failed login attempts. I dont know if this is how i did it before, im sure there are plenty of options of how to do that in linux but I have installed fail2ban as per here:
im hoping that will stop this being an issue going forward without having to worry about rebooting to be able to login remotely.