Logging in as root is risky: a single mistake or a compromised session has full control. The fix is to create a regular user with sudo rights and disable direct root login.
1. Create the user
adduser deploy
usermod -aG sudo deploy # 'wheel' on RHEL-family systems
2. Give it your SSH key
rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy
Or paste your public key into /home/deploy/.ssh/authorized_keys.
3. Test the new user
Open a new terminal and confirm you can log in as deploy and run sudo whoami before changing anything else — so you never lock yourself out.
4. Disable root SSH login
Edit /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
sudo systemctl reload ssh
Now attackers can't target the well-known root account, and every privileged action goes through sudo, which is logged. It's one of the simplest, highest-impact security steps on any VPS.