Thanks for responding. I think the SSH tunnel would be a viable option, however, for obvious reasons I don’t allow Root SSH login.
I did come across this post: Alternatives to root user when using ssh agent - General - Checkmk Forum where @martin.schwarz suggested additional security measure to help mitigate risks, but I require more specifics to better understand implementation and risk. I’ve already implemented the usual suspects in locking down SSH; it’s the advance stuff he reference puts me at a loss.