Run:
netstat -lnutp
as root.

It shows you what processes are listening on what ports and you need to ensure odd things like NFS aren't setup/listening.

Feel free to paste here if you like

Assuming you have easy console access or reliable user/sudo access:

Also - you should ensure /etc/ssh/sshd_config has
PermitRootLogin No

Ideally as drakino says, also set:
PasswordAuthentication No
and make sure your colleague uses an ssh key to get in.
(reboot or restart sshd to make them take effect)