I think there may be a compromise solution here... In short: it is good to make people log in as a normal user before trying to log in as root, because that way an attacker needs to compromise a normal user before starting on root. The standard way of doing this is to use "su", but that only accepts passwords, not (more secure) keypairs. On our system, we run two ssh processes - one on the external interface which does not accept root logins, and one on the internal interface which does (keypairs only). A remote user wanting to log in as root must first log in as a normal user, forwarding a connection to the local SSH port, then log in using the key stored on their own machine. As far as I can tell, this is the best of both worlds (although it does take some setting up!) - Andrew Sayers
Attachment:
pgp_FZKNeacNr.pgp
Description: PGP signature