SSH is for tunneling the database connection.
Prerequisite: <dbserver> allows incoming SSH connections.
Procedure: Connect to <dbserver> via SSH with port forwarding, such that, say, port 3306 on localhost is forwarded over the SSH connection to <dbserver>:3306. When your application connects to localhost:3306 using the MySQL client library, the traffic is tunneled over the SSH connection to <dbserver>:3306. See the documentation for your SSH client on setting up port forwarding.
Alternatively, set up MySQL to only allow TLS, and connect to <dbserver> using MySQL/TLS.
Nonetheless, whether SSH or MySQL/TLS, it's generally a bad idea to make your database directly accessible over the Internet. It's not about the trustworthiness of your app's users. It's about trusting that their computers and <dbserver> won't be compromised, and that is usually being overly trusting.
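
The port-forwarding procedure above, as an added shell example for the OpenSSH client that is not part of the original answer. `SSH_USER@DB_HOST`, `DB_USER`, the function names and the control-socket path are assumptions, as is a MySQL server listening on 127.0.0.1:3306 on <dbserver>.

```shell
#!/bin/sh
# Added example. Constructed placeholders (assumptions): SSH_USER@DB_HOST, DB_USER.
# Assumes mysqld on the server listens on 127.0.0.1:3306.

# Print the -L forwarding spec after validating both ports (1..65535).
forward_spec() {
    lport=${1:-3306}; rport=${2:-3306}
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; return 1
        fi
    done
    # Local end bound to 127.0.0.1 so other hosts cannot reach the forward.
    # The remote end is resolved on the server, so 127.0.0.1 is the server itself.
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$lport" "$rport"
}

# Open the tunnel in the background, run the client through it, close the tunnel.
with_tunnel() {
    ssh_target=$1; db_user=$2; lport=${3:-3306}
    spec=$(forward_spec "$lport" 3306) || return 1
    ctl="${TMPDIR:-/tmp}/dbtunnel.$$"   # control socket used to stop the tunnel
    # -N: forwarding only, no remote command. ExitOnForwardFailure: abort if
    # the local port cannot be bound instead of running without the forward.
    ssh -f -N -M -S "$ctl" -o ExitOnForwardFailure=yes -L "$spec" "$ssh_target" || return 1
    # Use 127.0.0.1 with --protocol=TCP: "-h localhost" makes the MySQL client
    # use the local Unix socket, which would bypass the tunnel.
    mysql --protocol=TCP -h 127.0.0.1 -P "$lport" -u "$db_user" -p
    rc=$?
    ssh -S "$ctl" -O exit "$ssh_target" 2>/dev/null
    return $rc
}

# Usage (not executed here): with_tunnel SSH_USER@DB_HOST DB_USER 3306
```

With this layout the MySQL port does not need to be open to the network at all; only the SSH port is reachable from outside.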