Comment by tialaramex

4 hours ago

It's completely crazy to use passwords when you needn't. Passwords are a human-readable shared secret; they were already obsolete when SSHv1 was invented last century.

From the outset SecSH (SSHv2, the thing you actually use today and if you're younger, likely the only thing you ever have used) has public key authentication as a Mandatory To Implement feature. Implementations where that doesn't work aren't even SSH, they're garbage.

I am forced by external vendors and internal security to use password authentication for SFTP.

I do not have a choice!

This grew out of FTP less than a decade ago. Everyone has always known password auth; it cannot die.

Are you on the same planet as the rest of us?