If I enable ssh-restricted rule in AWSConfig with remediation.
Can I close the ports with auto remediation and also send a email to the owner of the resource based on the tag information?
When an AWS Config rule is determined as non compliant you can have CloudWatch Events/EventBridge perform an action such as trigger an SNS topic or invoke a Lambda.
If you have it trigger a Lambda, you will receive an event containing the resource(s) that are no longer compliant.
The Lambda function could access these resources tags via the AWS SDK which would grant the meta data over whom the email should be sent to. You could then take this information and send an email using a SMTP library to an external service (such as Amazon SES).
This Lambda could also remediate any issues via the AWS SDK.
Take a look at the How can I be notified when an AWS resource is non-compliant using AWS Config? page for some guidance on setting up the event part of this flow.