Are you sure that -C is a good idea? Wouldn't it be possible in theory to exploit something similar to CRIME/BREACH?

> root@your-vps

People allow for root ssh connections?

Yes, what's wrong with that?

Security is multi dimensional matter, you can't just rely on rules like "no ssh to root" or "password should be more than 20 characters".

In my case ssh is allowed from 2 IP addresses (much more useful rule then "no ssh to root "btw!) with key auth (passwd auth disabled). Don't see any problem with that.

Some do, although I too prefer non-root but used it for the simplicity of the example.

> People allow for root ssh connections?

Keys should make it secure, and a personal VPS obviates audit requirements, so sure.