0

So let's say hypothetically I am going to be away from my desktop but I'd like to be able to SSH into it when I am out and about.

Is it as simple as adding a NAT / port forwarding rule to my router page at 192.168.1.1 for port 22?

Let's say my public IP is 1.2.3.4. Then I would add the rule to my router and then I could SSH into my box from ssh arukaj@1.2.3.4?

AJJ
  • 902

1 Answer

2

The proposal in your question is completely correct.

You need to install the OpenSSH server (sudo apt install openssh-server) and then set up port-forwarding on your router. You will, of course, also need to add an exception in your local computer's firewall configuration for SSH.

It's also usually advised you force public-key authentication instead of using a password for added security.

Also note that you should set up a static IP address, just so your port-forwarding config doesn't break at an inopportune time because of DHCP. While most routers will tend to let your computer keep your IP address, this is not always a valid solution and does not account for temporary connection drops. It's typically better to build in a static NAT IP to just have the guarantee that it will work.

When you're out and about, you will just be able to SSH to your public IP, and you'll be able to get to your computer. You may also look into using a Dynamic DNS provider to assign a domain name to your router, so any IP changes pushed by your ISP will also not affect your connection.

Note that there are (very minor) security implications of opening a server to worldwide SSH. Mostly, this will cause your server to be pinged a few times by automated bots attempting to find poorly-secured servers. Not using a standard username (like admin), combined with key-based authentication, will almost always keep them out. If you're really concerned, you can use a port other than 22 (though smart bots or humans will try an nmap if port 22 is closed), use Fail2Ban, or both. Assuming proper security protocols are in place, the absolute worst attack that a malicious bot can pull off is to write a decent number of log entries to your hard drive.


If you're one of those unlucky individuals between multiple layers of NAT (some ISPs will do something called Carrier-Grade NAT), this becomes much more involved. You will either need a VPN or some other means of proxying your SSH tunnel. Of course, you may also be able to request a port from your ISP, though success may vary.

Kaz Wolfe
  • 34,680
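As an added example (it is not part of Kaz Wolfe's answer or of the OpenSSH project), the POSIX shell script below audits an sshd_config for the hardening the answer recommends before port 22 is forwarded: public-key only, no password or keyboard-interactive logins, no root login. The two sample config files are constructed in a temporary directory for the demo; the username arukaj is taken from the question, and the helper names (sshd_setting, check_directive, audit_sshd_config) are this example's own. The parser follows sshd's real rule that the first occurrence of a keyword wins, which is what catches the duplicated PasswordAuthentication line in the hardened sample.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the
# hardening recommended before exposing SSH to the Internet.
# Requires only POSIX sh and awk. All file paths below are constructed.

# Print the effective value of one directive from an sshd_config file.
# sshd uses the FIRST occurrence of a keyword (later duplicates are ignored),
# keywords are case-insensitive, and '#' starts a comment. Anything after the
# first "Match" block is conditional and is deliberately not considered here.
sshd_setting() {
    file="$1"; key="$2"
    awk -v key="$(printf '%s' "$key" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                       # strip trailing comments
        /^[ \t]*$/ { next }                      # skip blank / comment-only lines
        tolower($1) == "match" { in_match = 1 }  # global section ends here
        in_match { next }
        tolower($1) == key { print $2; exit }    # first occurrence wins
    ' "$file"
}

# Compare one directive to the value we want. If the directive is absent,
# the OpenSSH default ($4) applies. Human-readable result goes to stderr;
# the return code is 0 for OK and 1 for FAIL.
check_directive() {
    file="$1"; key="$2"; want="$3"; default="$4"
    got="$(sshd_setting "$file" "$key")"
    [ -n "$got" ] || got="$default"
    if [ "$got" = "$want" ]; then
        echo "OK   $key=$got" >&2
    else
        echo "FAIL $key=$got (want $want)" >&2
        return 1
    fi
}

# Run the checks the answer implies and print the number of failures on stdout.
# Defaults are those documented in sshd_config(5).
audit_sshd_config() {
    file="$1"; failures=0
    check_directive "$file" PubkeyAuthentication          yes yes               || failures=$((failures + 1))
    check_directive "$file" PasswordAuthentication        no  yes               || failures=$((failures + 1))
    check_directive "$file" KbdInteractiveAuthentication  no  yes               || failures=$((failures + 1))
    check_directive "$file" PermitRootLogin               no  prohibit-password || failures=$((failures + 1))
    check_directive "$file" PermitEmptyPasswords          no  no                || failures=$((failures + 1))
    echo "$failures"
}

# --- constructed sample configs (demo only) ---------------------------------
DEMO_DIR="$(mktemp -d)"
WEAK_CFG="$DEMO_DIR/sshd_config.weak"
HARDENED_CFG="$DEMO_DIR/sshd_config.hardened"

cat >"$WEAK_CFG" <<'EOF'
# constructed sample: a stock-like config that still accepts passwords
Port 22
PasswordAuthentication yes
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF

cat >"$HARDENED_CFG" <<'EOF'
# constructed sample: what the answer recommends, keys only, no root
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
AllowUsers arukaj
PasswordAuthentication yes   # ignored by sshd: the first value above wins
EOF

# Stand-alone demo run: the weak file reports 3 failures, the hardened file 0.
echo "weak config:     $(audit_sshd_config "$WEAK_CFG") failure(s)"
echo "hardened config: $(audit_sshd_config "$HARDENED_CFG") failure(s)"
if [ -r /etc/ssh/sshd_config ]; then
    echo "this machine:    $(audit_sshd_config /etc/ssh/sshd_config) failure(s)"
fi
```

After editing the real /etc/ssh/sshd_config, validate it with `sudo sshd -t` before restarting the service, and use `sudo sshd -T` to print the fully resolved configuration (defaults included), which is the authoritative view of what the daemon will actually enforce. Only turn PasswordAuthentication off once your public key is in ~/.ssh/authorized_keys and a key-based login has been tested from a second session, so you do not lock yourself out.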