Not using SSH Pubkey Authentication is really a serious security flaw compared to regular Password Authentication

Ilia Rostovtsev asked:

How would using PubkeyAuthentication be more secure than using PasswordAuthentication, considering the following facts:

  1. Default SSH port is moved from its default
  2. Firewall blacklists an IP after a few unsuccessful tries
  3. Password looks pretty complicated (14-20 senseless characters)

My answer:

Suppose somebody got your password from you by swiping the Post-it Note from under your keyboard? Or by using a rubber hose. It would be mostly useless if password authentication is disabled.

View the full question and answer on Server Fault.
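
The answer depends on password authentication actually being disabled on the server. The following is an added example, not part of the original question or answer: a small static audit of `sshd_config` text that reports any setting that still lets a password be used to log in. The function names and sample configurations are constructed for illustration, the defaults are assumed from upstream OpenSSH's `sshd_config(5)`, and `Include` files are not followed.

```python
# Added example: static audit of sshd_config text (constructed samples below).
# Defaults are assumed from upstream sshd_config(5); Include files are not followed.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older configs use the deprecated name for keyboard-interactive logins.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, [(match_criteria, key, value), ...])."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower()
        if key == "match":
            match = value          # later lines apply only when this matches
        elif key in DEFAULTS and match is None:
            seen.setdefault(key, value)   # sshd keeps the first value obtained
        elif key in DEFAULTS:
            overrides.append((match, key, value))
    return {**DEFAULTS, **seen}, overrides

def audit(config_text):
    """List settings that leave password logins possible or keys unusable."""
    settings, overrides = effective_settings(config_text)
    findings = []
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if settings[key] != "no":
            findings.append(f"{key} is enabled globally")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    for match, key, value in overrides:
        if key != "pubkeyauthentication" and value != "no":
            findings.append(f"{key} is re-enabled under 'match {match}'")
    return findings

# Constructed sample configurations, not taken from any real host.
WEAK = "Port 2222\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "password logins are off")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the script above only reads the text it is given.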

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.