Check out post #11 here: for details on setting up ssh+ sftp + keys + limiting to only sftp. If you don't lock down her account to sftp-only access, then she will have remote shell access to the system - which means all sorts of security issues if you don't trust her.

Using only passwords to secure accounts isn't sufficient, imho. Lock down the userids and the specific client-IPs where connections will come. Or you can use ssh-keys. Regardless, use fail2ban to block brute force attacks.

ssh is like a multi-tool for system-to-system connectivity. Pretty much anything that should be done, can be done using some form of ssh. There are lots of tools that use ssh for authentication and encryption of network connections - ssh, scp, sftp, rsync, x2go, sshfs, and many more. Most backup tools use it for network-based backups. I use it as a VPN somethings too.