Not using SSH Pubkey Authentication is a really serious security flaw compared to regular Password Authentication

Ilia Rostovtsev asked:

How would using PubkeyAuthentication be more secure than using PasswordAuthentication, considering the following facts:

  1. Default SSH port is moved from its default
  2. Firewall blacklists an IP after a few unsuccessful tries
  3. Password looks pretty complicated (14-20 senseless characters)

My answer:

Suppose somebody got your password from you by swiping the Post-it Note from under your keyboard? Or by using a rubber hose. It would be mostly useless if password authentication is disabled.

View the full question and any other answers on Server Fault.
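
The answer depends on password authentication really being off on the server. The check below is an added example, not part of the original question or answer: it reads the effective configuration in the lowercase `keyword value` format printed by `sshd -T` and flags any remaining password path, including keyboard-interactive, which can still prompt for a password through PAM. The function name `audit_sshd_effective` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `sshd -T` style output on stdin.
# Prints findings; returns 0 when only key logins remain, 1 otherwise.
audit_sshd_effective() {
    awk '
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            # Plain password logins.
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not \"no\""; bad = 1
            }
            # Keyboard-interactive can still ask for a password through PAM.
            # Older OpenSSH prints it as challengeresponseauthentication.
            kbd = ("kbdinteractiveauthentication" in seen) \
                ? seen["kbdinteractiveauthentication"] \
                : seen["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive is not \"no\""; bad = 1
            }
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not \"yes\""; bad = 1
            }
            if (!bad) print "OK key-only logins"
            exit bad
        }'
}

# Constructed sample: PasswordAuthentication off, keyboard-interactive left on.
SAMPLE_HALF='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
usepam yes'

# Constructed sample: every password path closed.
SAMPLE_KEYONLY='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
usepam yes'

printf '%s\n' "$SAMPLE_HALF" | audit_sshd_effective || true
printf '%s\n' "$SAMPLE_KEYONLY" | audit_sshd_effective || true
```

On a real host, feed it with `sshd -T | audit_sshd_effective` as root. `sshd -T` alone reports the global settings, so if the configuration has `Match` blocks, repeat the check with a `-C` connection specification for each case that matters.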

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.