On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
It’s just another way of minimizing your attack surface. It’s pretty much the same as hiding behind a barrier when being shot at, you stick yourself out as little as possible.
In the same way it also helps to change your SSH port to somewhere in the high numbers like 38265. This is anecdotal of course, but the amount of attacks on SSH went down by literally 99% by just changing the port like that
Then you accept only keys, you lock down root (so the username must be guessed as well) and yeah, you’re safe.
This is anecdotal
Not just anecdotal. The default SSH port gets hit by ridiculous numbers of bots because a lot of people don’t bother to change it. This will be true no matter what machine you’re on. Hell, your desktop at home has probably been scanned quite a few times even if all you do is watch porn on it