Citation? If the guy knew anything about running a hidden service, he would have created a separate one for SSH, with HiddenServiceAuthorizeClient set to stealth. No exit nodes involved, and plausible deniability as to whether the service exists for anyone who crawls the descriptor with a service directory.