Re: shh port listenning by default?
It's fine that you closed it as long as you don't expect to need access to it. Even if one leaves it open, I like to change the allowing of root login to no, and in a small effort of security by obscurity, change the default port from 22 to something else.
As to why it's open, the assumption is that you'll want it open. This may (or may not, simply speculation on my part) have something to do with the fact that RH itself is usually used in business, where there will probably be remote installs, with no other user save root created during the installation, and ssh being the most common way to reach the machine after installation.