Hi,
Some of these requirements probably can't be met without some extensive modifications, possible some additional support programs.. but maybe you can explain why you're so paranoid?
Physical security is difficult, disabling root access wouldn't prevent someone from booting from external media.. they could also remove the hard disk.. or do a multitude of other simple local attacks.
That said, you can edit
/etc/ttys and remove all instances of "secure", with this nobody will be able to login as root, as documented in
ttys(5).
You could also remove the graphics card and use a serial port for on-site maintenance, depending on the level of modifications you're willing to make, you could modify the kernel to prevent
vga(4) and other
wscons(4) devices from attaching.
For SSH, there is an option to prevent root logins, enable that.. and nobody will be able to directly login using the root account, however non-root users in the wheel group still have access to
su(1) and
sudo(8) and can elevate permissions.
When a user is logged in, any attempts to run
login(1) actually run an instance of su(1) instead, if you read the man page you'll notice that the wheel group plays an importance.. an unsuspecting user may conclude that having no users in the wheel group would be a good idea, but the opposite is true, if the wheel group is empty then su(1) permits
all users to attempt a root login.. which will succeed if they know the root password, if however you designate 1 or more accounts to wheel only they will be able to.
Fortunately on OpenBSD, you must edit
/etc/sudoers before sudo(8) is a risk.
Now, assuming you configure your system to prevent root logins directly, you will most likely have one user in the wheel group.. as is wise... this account needs to have a good password, but some would also argue that this account is a good candidate for attacks, disallowing password authentication for SSH would be wise as would periodically changing the password.
At the end of the day, the best plan is to only give accounts to people you trust not to abuse the right.
Good luck.