It's really not that hard to find SSH servers running on a non-standard port.
nmap or a similar port-scanning software package can find ports listening for TCP connections. There are software packages -- don't recall names off-the-cuff, but I'm sure that you could go dig one up -- that connect to ports and then aim to identify the protocol from a fingerprint out of a database that they have. The SSH protocol has a very readily-identifiable fingerprint, don't even need specialized software.
Let me just bounce to a machine as an example:
$ telnet tals-host.tals-domain.com 22
Trying tals-IP...
Connected to tals-host.tals-domain.com
Escape character is '^]'.
SSH-2.0-OpenSSH_9.6p1 Debian-4
^]
telnet> q
Connection closed.
$
That being said, I don't disagree with your broader point that I wouldn't personally bother with trying to add more layers on top of ssh, as long as you're keeping current on updates.