I use the "AllowUsers" item in /etc/ssh/sshd_config.
To allow only one user, add that user's name. This is the username of the person on the server, not the client.
You can also use "username@hostname". The username is a local username. The hostname is the hostname or IP address of the client.
If you use AllowUsers, all other users are denied access. That is an easy way of disallowing system logins. If this weren't the case, you would need to add the system users to the "DenyUsers" list.
You might also consider using public key authentication. The instructions for doing this are detailed in the comments above the "UsePAM yes" line. Doing this, an attacker doesn't have the opportunity to guess the username & password. If you do this, however, make sure that the user protects his private key with a strong passphrase. The passphrase protects the private key on the client. Since the unlocking of the passphrase is done on the client, the server can't enforce the use of a passphrase as a policy. This is the disadvantage of using pubkey authentication with ssh.
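
A fragment showing the settings described in the post above, as an added example that is not part of the original post. The names alice and bob and the address 192.0.2.10 are constructed placeholders, and switching off the password-based methods is an assumption about the setup the post has in mind.

```conf
# /etc/ssh/sshd_config (fragment, constructed example)

# Only the listed local accounts may log in; every other account,
# system accounts included, is refused.
#   alice            may connect from any client
#   bob@192.0.2.10   may connect only from that client address
AllowUsers alice bob@192.0.2.10

# Public key login only.
PubkeyAuthentication yes
PasswordAuthentication no

# With "UsePAM yes", keyboard-interactive can still prompt for a password
# through PAM, so turn it off as well. Older OpenSSH releases call this
# option ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
UsePAM yes

# sshd uses the first value it finds for a keyword, so check that no
# earlier line or included file already sets these options differently.
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open until a new login has succeeded.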