They don't rely on sudo. The sudo tag merely indicates that if sudo is configured to allow "your" (the pwned) user account to run them, they can also be used for privileged operations that might not have been intended by whoever configured sudo that way.
"Never allow root SSH" together with the strong implication that it should be used in conjunction with sudo, has always had a very weak rationale behind it, since as soon as you actually ever make use of sudo to elevate your privileges, for an attacker there is almost no meaningful distinction between your user account and plain root.
Looking at the historic reality, the weak rationale more than evaporates completely. Due to various CVEs, sudo has, in retrospect, been a trojan horse for most of its existence that allowed privilege escalation from any user account regardless of its configuration. The period for which sudo has had these vulnerabilities overlaps rather well with the period for which it has been championed as "best practice" along with the tenuous justifications based on security by obscurity and to avoid "user mistakes."
In that light, your setup seems perfectly sane to me, however I don't believe sudo is relevant as a backdoor anymore in 2023 and the focus has most likely shifted to something else.
"Never allow root SSH" together with the strong implication that it should be used in conjunction with sudo, has always had a very weak rationale behind it, since as soon as you actually ever make use of sudo to elevate your privileges, for an attacker there is almost no meaningful distinction between your user account and plain root.
Looking at the historic reality, the weak rationale more than evaporates completely. Due to various CVEs, sudo has, in retrospect, been a trojan horse for most of its existence that allowed privilege escalation from any user account regardless of its configuration. The period for which sudo has had these vulnerabilities overlaps rather well with the period for which it has been championed as "best practice" along with the tenuous justifications based on security by obscurity and to avoid "user mistakes."
In that light, your setup seems perfectly sane to me, however I don't believe sudo is relevant as a backdoor anymore in 2023 and the focus has most likely shifted to something else.