So i am very new to the server world, so i am trying to learn.

My server got hacked from a ssh brute force attack, so i reinstalled the OS and am currently trying not to make the same mistake again!
The world sure isn't kind to new folks around here lol.

This time i will use SSH keys and disable password login. So after finding out i can store my SSH keys on Github i tought it would be smart to have a Cron job that runs.
This way if i move to a new computer i can just upload them to Github and be ready to go, no moving private keys required (a supposedly big nono)
I have 2 factor auth setup for GitHub so it would be hard to hack me there. Is this a smart thing to do?

What does the council of LinuxQuestions say, what is my faith?

I fail to see how moving a key in a secure connection is a nono. As I do with giving someone else access to them. Does that script use a secure connection when transferring the key? If not you have sent them in plain text over the internet. A definite security nono and I would think since you were owned already that you had failed to install the fail2ban software to protect the connections to your server. I would start there for your efforts on securing your system.

https://vexxhost.com/resources/tutor...-on-ubuntu-12/

Why is it called owned, what a humiliating word to use haha.
Yeah i failed to mentioned that i also have installed fail2ban now as i was told this would be a good idea.

And yes the script uses a secure https connection to Github so i think it's fine

Because instead of you owning your server after that point they do.

I see no point in constantly downloading the same key because it appends to the file each time it is run.

Private keys should never be moved anywhere except the local network or backup media. Public keys don’t matter, private keys do.

Aws i understand ssh-import is just the reverse of ssh-copy.