Comment Re:The Rules of Security (Score 1) 539
A good compromise is to make sure your sudo setup is good, and disable root logins via ssh completely. You can combine ssh with a utility that will drop in temporary (or permanent) ipchains rules denying IPs or an IP block access to the ssh port after a number of bad password guesses. This way, you won't need your private key if logging on from another host, but still have good resistance against people trying to crack root from remote.