Both SSH and NRPE are used to perform checks on remote machines. They can be set up to perform the same tasks. There are some differences and each solution is better in certain conditions.
SSH-based checks are easier to set up from a network and administrative perspective. All that is needed is to put a set of plugins on the machine, create a public key-based authentication, and you are all set to go! The main advantage of this method is that it uses the existing network protocol, which is usually running and enabled on all Unix-based machines. This way there's usually no changes in firewall configurations to pass traffic related to the Nagios checks if the server that Nagios is running on can already connect to other hosts using the SSH protocol.
Security and performance are the trade-offs. As SSH is a generic protocol, Nagios server can run any command on any of the machines that it can access. One way of limiting this problem is to set up a restricted shell for the user that performs the checks or configure authorized_keys file to only allow running specific commands.
Another problem with this approach is that SSH is a complex protocol, and the overheads related to connecting to a remote machine and running a plugin are high. The main problem occurs where one central Nagios server performs a large volume of tests over SSH. The problem will not be significant on remote computers, but the central server will require more processing power to handle all of the checks in a timely manner.
NRPE is an alternative to SSH. It is a daemon that is installed on remote computers that allow the running of checks. The main advantage of this approach is that it offers much better security and granularity out of the box. The administrator of the remote computer can configure NRPE to accept connections only from certain IP addresses and to allow the execution of only predefined commands, without taking any arguments into account. So, there is very little chance of a security issue because of NRPE-based checks. Another advantage is that the NRPE protocol requires much less overhead and frequent checks do not affect the central Nagios server as much as the SSH protocol.
There are some downsides to NRPE. The first one is that it needs to be set up on all of the machines that will be monitored in a remote manner. In addition to this, all configurations for the checks are kept on the remote machines. It may make it much harder for system administrators to maintain changes in the configuration when monitoring a large number of machines.
Usually it is quite obvious which solution should be used in which case. There may be cases where it's easier to use the existing SSH daemons. In other cases, security or performance is more of an issue and NRPE is a better choice. In some other cases, a custom solution will work best. How you should proceed is a matter of knowing the best tool for a particular case. In all cases, doing checks from the remote computers is not as easy as doing it locally. But, it is also not very difficult if you are using the right tools.