I don’t recall ever coming across that option in Virtualmin. You may have to add the user to the SSH group, which would be by editing
/etc/ssh/sshd_config to add an
AllowUsers entry in CentOS. I have no idea how in Ubuntu.
There’s nothing terribly wrong with allowing SSH. Allowing password authentication is problematic; but even that can be done fairly safely if SSH is on a non-standard port AND strict rules regarding port-scanning and login failures are implemented at the firewall.
But don’t do the one unless you’re also willing to do the other. Using a non-standard port by itself isn’t very useful. You have to make it virtually impossible for a miscreant to stumble across the port and brute-force the password before getting locked out.
It helps if you set up login failure lockouts for all the commonly-abused service ports, including (and especially) services that don’t even exist on your server. For example, I always set up LFD to monitor 3389 (Windows RDP) on Linux servers just because it’s a popular target. If a miscreant or bot gets locked out of a non-existent service port, then I don’t have to worry about them accessing one that’s in use.