Logging in as root is risky: a single mistake or a compromised session has full control. The fix is to create a regular user with sudo rights and disable direct root login.

1. Create the user

adduser deploy
usermod -aG sudo deploy      # 'wheel' on RHEL-family systems

2. Give it your SSH key

rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

Or paste your public key into /home/deploy/.ssh/authorized_keys.

3. Test the new user

Open a new terminal and confirm you can log in as deploy and run sudo whoami before changing anything else — so you never lock yourself out.

4. Disable root SSH login

Edit /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no
sudo systemctl reload ssh

Now attackers can't target the well-known root account, and every privileged action goes through sudo, which is logged. It's one of the simplest, highest-impact security steps on any VPS.