Isn't that just the same thing in different clothes? Just a different protocol offering the same features of authentication and encryption - often using exactly the same primitives?

Is it "Security through obscurity" assuming fewer people are attacking vpn protocols that than ssh? And I'm not sure that's even true

Plus a centralized identity provider, which is a plus or minus depending on your threat model, https://tailscale.com/kb/1013/sso-providers

Introducing obscurity to the process doesn't make it insecure. Criticism of "security through obscurity" is that security shouldn't rely on obscurity. The system should remain secure even if the attacker knows every detail of your system. Here the point of the "obscurity" (if you can call it that) is to avoid blowing up your logs and wasting compute cycles and energy on attempts that will fail anyway.

It allow SSH on another port. There are considerations when deciding to allow SSH on unprivileged ports.

Also, it's a bit tricky to set up but port knocking is a very effective solution, and you can keep the SSH on port 22 if you like.