In general you want to avoid having excess services installed on servers. Given the sensitive job of Active Directory domain controller computers (storing user credentials and performing authentication) you should be even more concerned about them than, say, a file server.
Having said that, though, a server computer with no software installed would be pretty useless. You need to make a risk assessment, weigh that against the benefit provided by the software, and decide on that basis. That general process is what you need to work through for each service you expose (even if it's just something you do "in your head" versus a formal process). Wantonly exposing services without weighing the risk (or worse, exposing them when there's no benefit-- think default IIS installations in Windows 2000 Server) is a bad idea.
To speak to your particular query:
OpenSSH has been subject to a fair amount of scrutiny by the community, given the nature of the service it provides. Unfortunately, to allow sshd
to impersonate users you're going to have to run it with a fairly privileged credential (SYSTEM, in most cases) so a bug in the daemon itself could result in a remote SYSTEM-level compromise. Admittedly I think the chances of such a compromise in OpenSSH are fairly low but it's still a possibility.
You should have some kind of rate limiting on inbound connection attempts (to prevent DOS attacks-- I like sshd_block, personally). You should think strongly about allowing certificate-based logons only (rather than passwords). You should limit the number of users who can access to the server via SSH to only those who need access. You should disable port forwarding and / or SFTP if you don't need these features.
A summary of my feelings would be as follows: Think through what you're doing and do your "homework" when setting things up and you'll be fine.