Frequently Asked Question

Why are SSH keys safer than passwords?

A password is a shared secret: the server stores a hash of it, you type it into the client, and an attacker who can guess, brute-force, or phish that single string is in. An SSH key pair is an asymmetric cryptographic credential. The private half lives on your workstation (ideally in an encrypted file, protected by a passphrase, optionally held in an agent or hardware token); the public half lives in ~/.ssh/authorized_keys on every server you can reach. The server proves you control the private key by giving you a challenge to sign, and never sees the private key itself.

The practical consequence is enormous. A server that disables PasswordAuthentication is immune to the millions of brute-force attempts that hit every internet-facing sshd every day. Even if attackers grab your authorized_keys from a compromised server they cannot use it to log in elsewhere; they would need the matching private key, which never leaves your machine. Pair this with a passphrase on the key and a hardware token (Yubikey, FIDO2) and you have a credential that is essentially unphishable.

For a defender the rule is simple: generate an Ed25519 key with ssh-keygen -t ed25519, copy it with ssh-copy-id, then set PasswordAuthentication no and PermitRootLogin no in /etc/ssh/sshd_config. Test from a second terminal before closing your session.