You want a (more) secure way to edit files on your ssh machine owned by root. But you do not want to permit root login via ssh to the whole world? I had the exact same problem and found a little hacky but still not that dump (I guess) approach to that.
The idea is to allow ssh root login just on the localhost, which in my case is 127.0.0.1. With the usage of the ssh jump option you can use the normal ssh user login to reach the server from wherever you are, and then once you logged in as normal user, make a new ssh root login .. because now you’re on the localhost of your ssh machine.
Permit root login only for localhost
/etc/ssh/sshd_config on the ssh machine you want to connect to. Add the fallowing code to the end:
Match Address 127.0.0.1 PermitRootLogin yes
Save the file and restart the ssh deamon:
sudo service ssh restart
Connect to ssh server
Make use of the ssh proxy jump to connect first via normal user and than to root via localhost:
ssh -J <user>@<ssh-server-address> [email protected]
No you should be able to connect to root. Personally I use this to work remotely on my server via the vscode remote-ssh plugin.