SSH offers a highly secure channel for remote administration of servers. However, if you face an audit for regulatory or business requirements, such as Visa/Mastercard PCI, you need to be aware of some potential authentication related short-comings that may cause headaches in an audit. For example: * There is no way to control which users have public key authorization * There is no way to enforce passphrase complexity (or even be sure that one is being used) * There is no way to expire a public key https://www.howtoforge.com/secure_ssh_with_wikid_two_factor_authentication