I think you should read a little bit about (1) sudo and (2) ssh using public key authentication.

With sudo, you can get rid of any root password, you provide the current user's password instead. The only time you still need the root password is when the machine is in single user mode and you have to sit in front of the console.

sudo also allows a finer control of what commands each user can execute, and it logs what commands the users invoke.

sudo can completely emulate su (get a root login shell) by invoking it with the "-i" parameter.

ssh can run with public key authentication, and I recommend to disable password authentication completely, so sshd will refuse a login even if an attacker correctly guesses a valid name/password combination.

Alexander