> it's allowing root to login via ssh that the problem. That is strictly prohibited.
Have them go reread the man page on specifying commands and associating them with keys.
> We cannot su to xm destroy after we login as a non root user for obvious reasons.
oh? I don't know anything about running Xen. But I fail to grasp the rationale behind denying both SU or logins as root. It sounds like the "security" people can't tell the difference between real security management and somebody's naive policy assertion. It's rather telling that they think some home-grown application is a more secure/acceptable solution.