It’s both far more convenient and far more secure. There’s basically no downside.
Passwords are an obsolete technology that we keep widely using because they’re familiar and comfortable and then we try to bandaid-fix their issues with MFA which almost everyone finds intensely aggravating (and rightly so). Passwords are an awful choice from a security point of view.
SSH was well ahead of the curve on allowing and adopting passkeys, but you will notice an upcoming push towards passkeys for everything, because the rest of the tech oligarchy has finally discovered that, like with MFA, they can use it as a way to capture your entire online identity within your phone which they own and control (even though you paid for it) and then use this as a lever to maintain their control of you, your phone, and your online identities. Enjoy your age verification journey!
SSH keys are not locked to your phone and don’t have any big-tech strings attached, they are free and open and can be stored on any device, including ones you actually own and control, as it should be. SSH keys are the real deal.
In addition to what others have said, you can also use it for MFA. For example, SSH to a server, force checks keys then enter password.
More secure and more convenient than passwords. If you are exposing SSH to the internet, you really shouldn’t have password authentication enabled.
It’s something you have instead of something that can be guessed. The window gets a bit smaller if someone has to actually be in possession of a file instead of just being able to guess or bruteforce a password.
They are much harder to guess than most passwords that people use, to the point of being unfeasible to brute-force. This makes them a much more secure option than passwords.
It’s also a lot easier to use. You don’t need to type a password, since it basically exists as a file.
All my ssh keys are password protected, so I personally don’t have a difference there. I would recommend doing that as a protection against supply chain attacks that steal keys.
I actually looked this up earlier today because I didn’t understand part of it.
An ssh key is, as I understand it, a way to encrypt the connection so only a device that has the key can unlock it.
There are 2 parts, a private key which should never be shared and a public one which can freely be shared.
You usually generate both keys on the device that connects to the ssh, keep the private key on there with the public key going on the server. That’s the part that confused me. (Why is the secret one not on the server I don’t want people to access?)
But the way it works is that the public key is used to encrypt/lock something. And only the private key can unlock it.
Any other device that tries to connect just gets an encrypted connection they don’t have the key for. Because these keys are so long no current day tool can guess or crack them. So it is the absolute safest way to establish an ssh connection.
Quantum computers might in the future be able to break them but solutions for this are being worked on.
There are also some systems where you have 2 key pairs where the server also has a private key, to authenticate both ways.
ssh keypairs secure from the point of authority. In the case of you logging into your account, the server’s job is to ask a question that only you can answer.
In the case of a password, the remote server doesn’t store your password either, it stores a derivative hash that can, in theory, only be generated using complex math + your password as an input. You are the only one that stores your actual password.
In the case of an ssh keypair, it works very similarly. The public key allows the server to cryptographically ask a question that only the private key can generate an answer to correctly.
It is fundamentally the same secret exchange handshake as a password just with a few extra steps to make things more secure during automation. A password can be weak and guessable, an ssh key cannot (at least not any more than other keys of the same algorithm can).
That depends on what you’re doing.
For connecting to a server it can be the only way in.
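Added example, not written by anyone in the thread: an OpenSSH `sshd_config` fragment covering the two server-side setups mentioned above, key-only login with password authentication disabled, and key followed by password as a second factor. The user name `alice` is a placeholder.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Default for everyone: public key only, no password logins.
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive can still prompt for a password through PAM,
# so turn it off as well. On OpenSSH releases before 8.7 this option
# is named ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
AuthenticationMethods publickey

# Variant for one account: the key must succeed first, then the
# account password is requested. The comma means "all of these, in
# order"; a space between lists would mean "either list".
# Match blocks apply until the next Match line, so keep this at the
# end of the file. "alice" is a placeholder user name.
Match User alice
    PasswordAuthentication yes
    AuthenticationMethods publickey,password
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open until a fresh login with the key has succeeded.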


