undefined | Better HN

0 pointsSahAssar4y ago0 comments

For one a key is not transmitted over the network but the bigger reason is that most people don't use sufficiently long, random and unique passwords. If you are running a server where only you SSH in and you use a long random and unique password you are probably fine but for most people it's just easier to use keys at that point since it is not a lot easier to use long random and unique passwords than it is to use keys.

One upside to keys is also that since the server does not have your private key you don't need to rotate it if that server is hacked so you can reuse the same key for multiple servers and services. If you reuse the same long random password it only takes one of those servers/services to be hacked for you to be compromised on all of them.

0 comments

Sebb7674y ago

Adding to that, some servers might have a secondary user with a weak password that was created by an installer or an admin for testing purposes. Disallowing password login prevents others from exploiting these accounts.

SahAssarOP4y ago

Agreed, that's why I put "If you are running a server where only you SSH in" but maybe I should have been more clear about it.

j / k navigate · click thread line to collapse

0 comments

Sebb7674y ago

SahAssarOP4y ago

Agreed, that's why I put "If you are running a server where only you SSH in" but maybe I should have been more clear about it.

j / k navigate · click thread line to collapse