A side note on security: It's not a good idea to allow root access from the internet or even a local network.
Consider creating a non-privileged management-user account and then issuing specific sudo /bin/whatever commands (w/o password) by that particular user.
After testing, disable root access (i.e. /etc/ssh/sshd_config). Take care to disable password expiration for that user and change PKs regularly.
Those are the basics. Study the hardening documentation of your distro for more measures.
Yes, it is tedious and more work.
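
An added example, not part of the original post: a small shell audit of the two files this advice touches, checking the effective global `PermitRootLogin` value and counting passwordless sudo rules that grant `ALL` instead of specific command paths. The user name `mgmt`, the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. User "mgmt" and both sample files are constructed.

# Print the effective global PermitRootLogin value of an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
# Include directives are not followed here.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH default since 7.0
    ' "$1"
}

# Count sudoers rules that give passwordless sudo for ALL commands
# rather than for specific absolute command paths.
count_broad_nopasswd() {
    grep -Ec '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' "$1" || true
}

tmp=$(mktemp -d)

# Constructed sshd_config: the first PermitRootLogin line is the one that counts.
cat > "$tmp/sshd_config" <<'EOF'
Port 22
permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin forced-commands-only
EOF

# Constructed sudoers drop-in: the first rule is scoped, the second is too broad.
cat > "$tmp/mgmt" <<'EOF'
mgmt ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
mgmt ALL=(ALL) NOPASSWD: ALL
EOF

echo "PermitRootLogin (effective): $(effective_root_login "$tmp/sshd_config")"
echo "Overly broad NOPASSWD rules: $(count_broad_nopasswd "$tmp/mgmt")"

rm -rf "$tmp"
```

On a live host, `sshd -T` prints the configuration sshd will actually use, and `visudo -c` checks sudoers syntax before a rule takes effect.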