...and if your mailserver has problems, you lose control of your server. I wouldn't want to be in *that* boat without a paddle.
I'd prefer a serial console connection. Never heard of any serious software issues with a properly screwed-in serial cable :-)
I prefer to use the command line to control services. After all, that's what it's there for
Here's a question: what is it about running a ssh daemon in particular that worries people?
Software vulnerabilties in the ssh daemon? Come on, you're running a public web- and/or mailserver on your box, it's not as if your machine is invisible to the internet. You're probably running a few scripts, PHP, cgi, MySQL, ...
If you're worried about brute-force password attacks, either
1) choose a long password (my root passwords tend to be 10 - 15 characters long, and they're random. Yes, *really* random. (Of course they're written down on a piece of paper, but if my house gets burgled *and* the burglars crack open my safe then I think losing my root password is probably the last of my worries...)
2) switch to public/private key authentication. Just make sure you back up your private key properly - it's a long drive to the data center :-)
IMHO there's (a) a whiff of security by obscurity about this, and (b) it's also just a bit too "James Bond" for me. I'd prefer to use serial console redirection.
Another question: How many people here block ping requests at their firewall? Why?