set a password for user with, as root: passwd user
enter the new password twice. then sort out sudoers and lock the password for the root account. the -l parameter to passwd unsets the password.

Getting sudoers wrong can cause very big access and boot problems, so be very careful. Stop here unless you are happy to reflash the device.

The best tool to edit the file with is visudo, it syntax checks the file before saving. The last rule applies, so add this rule near the top of /etc/sudoers
user ALL = PASSWD: ALL
which means I can run all commands as root, but will be challenged for my own password.

My added rule is after Defaults, but before other similar looking rules.

Make sure the sudoers change works before destroying the root password.
If the order of rules in the file is wrong, eg, adding the new rule at the end, it seems to break the boot process, possibly it it challenging for the user password but just hangs.

With sudoers working, as user, lock the root acccount:
sudo passwd -l root
it's still possible to "sudo su - root", but not to ssh remotely directly to root.