You want a (more) secure way to edit files on your ssh machine owned by root. But you do not want to permit root login via ssh to the whole world? I had the exact same problem and found a little hacky but still not that dump (I guess) approach to that.

The idea is to allow ssh root login just on the localhost, which in my case is 127.0.0.1. With the usage of the ssh jump option you can use the normal ssh user login to reach the server from wherever you are, and then once you logged in as normal user, make a new ssh root login .. because now you’re on the localhost of your ssh machine.

Server side:

Permit root login only for localhost

open /etc/ssh/sshd_config on the ssh machine you want to connect to. Add the fallowing code to the end:

Match Address 127.0.0.1
	PermitRootLogin yes

Save the file and restart the ssh deamon: sudo service ssh restart

Client side:

Connect to ssh server

Make use of the ssh proxy jump to connect first via normal user and than to root via localhost:

ssh -J <user>@<ssh-server-address> [email protected]

No you should be able to connect to root. Personally I use this to work remotely on my server via the vscode remote-ssh plugin.