SSH keys are effectively impossible to brute-force, unlike passwords. Five minutes of setup permanently hardens your server.
1. Generate a key pair (on your computer)
ssh-keygen -t ed25519 -C "[email protected]"
Press Enter to accept defaults. Your public key is saved to ~/.ssh/id_ed25519.pub.
2. Copy the public key to the server
ssh-copy-id root@YOUR_SERVER_IP
On Windows without ssh-copy-id, append the contents of your .pub file to ~/.ssh/authorized_keys on the server manually.
3. Test, then disable password login
First verify key login works in a new terminal. Then edit /etc/ssh/sshd_config:
PasswordAuthentication no
PermitRootLogin prohibit-password
systemctl restart sshd
From now on, password guessing attacks against your server are pointless.