Can you run sshd as a normal user on a high port,
thus eliminating any chance of a root compromise?

Vic