This is from my ASUS RT-AC56R router log where I am using an alternate name for user root.

Mar 19 10:31:16 dropbear[17628]: Login attempt for nonexistent user from 200.239.152.141:58792
Mar 19 10:31:18 dropbear[17629]: Login attempt for nonexistent user from 200.239.152.141:58936
Mar 19 10:31:19 dropbear[17632]: Login attempt for nonexistent user from 200.239.152.141:59074
Mar 19 10:31:21 dropbear[17633]: Login attempt for nonexistent user from 200.239.152.141:59188
Mar 19 10:31:23 dropbear[17635]: Login attempt for nonexistent user from 200.239.152.141:59303
Mar 19 10:31:25 dropbear[17636]: Login attempt for nonexistent user from 200.239.152.141:59419

This person has been banging on the door for last few days

Can I change the default root user for LEDE firmware? Or, disable root ssh login, create standard user and sudo on ssh. But then, how do I login to the Luci interface?

If you insist on allowing ssh connections to your router from internet, I'd switch away from port 22 and would only allow key-based authentication.

There are better solutions tho, like port knocking, OpenVPN server or just not allowing administration from WAN.

@stangri I do not plan to use ssh from WAN. I am using stock Asus router and it had port 222 open to WAN. I have closed it now.

I will be moving to LEDE firmware soon.
The question is about security through obscurity in addition to blocking the relevant ports.

Are you concerned about hostile/malicious local clients?

This is a home setup so I am not really worried about LAN clients, except one win10 gaming rig (already on the guest network) that may get infected, but mainly somebody from WAN. I do not consider myself proficient with iptables/firewall and IPV6. I will be closing all relevant ports, and using IPV6 privacy extension on the internal devices etc. But, I would like to make it as difficult as possible people to peek inside my LAN.

My ISP provides IPV6 addresses and apparently favors IPV6 traffic per their speed test results. So I would like to use it.