...which is fine up until someone forgets to use visudo and buggers up the sudoers file so nobody can get back in to fix it.
A user login followed by su to root is a valid alternative, but I wouldn't have a problem with allowing key-only root access via sshd either.
You'd want the root key/password to be very tightly controlled for the reasons you mention, but having it set is (IMO) a worthwhile backup plan for when things go wrong.
A user login followed by su to root is a valid alternative, but I wouldn't have a problem with allowing key-only root access via sshd either.
You'd want the root key/password to be very tightly controlled for the reasons you mention, but having it set is (IMO) a worthwhile backup plan for when things go wrong.