Allowing SSH connections from root grants attackers the ability to target a server without needing to guess the username, and once in, immediately have administrative access. To circumvent this, we will create a user for SSH'ing to the server, and then the account will run sudo su if root access is required.
Create the user account
sudo useradd -m -s /bin/bash <username>
Username must be lowercase
sudo passwd <username>
Edit SSH settings.These changes can be made and you won't be disconnected, you just won't be able to reconnect.
sudo nano /etc/ssh/sshd_config
replace the line: PermitRootLogin yes to PermitRootLogin no
Add the line below: AllowUsers <username> to allow the specific user to ssh to the server
Restart SSH:
sudo service ssh restart
