What are the security pros and cons of
(a) disallowing root logins over ssh; requiring the use of su or sudo to acquire root privileges
(b) not installing su or sudo; allowing root to login over ssh by private key only; that private key not being held indefinitely in a ssh agent but loaded temporarily when needed
?