we are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key ? our servers are hosted remotely by a hosting service. we were wondering which of these two models are more secure.

e.g. i would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer.

however, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be change to accommodate logging in but they don't endorse it).

opinions, please.

thanks

As a whole ppk isn't susceptible to brute force attacks like username and password. If you are aware of a theft however it's fairly simple to revoke or regenerate the keys in fairly short order typically. You could use a combination of both also.

[ Following given with the caveat that security needs for a small business operation differ from security needs for an extremely high risk target... ]

Challenge-response authentication (that is, account/password + PAM restrictions) coupled with strong passwords (enforced by pam_passwdqc or pam_cracklib) should be plenty sufficient.

Pubkey authentication + strong passphrases would be better, of course. But I don't know of a mechanism for enforcing strong passphrases.

In either case, disable Protocol 1 and direct root logins.

I think SSH is a very good option because of its feautres. I am not at all friendly with PPK, but yes, SSH is one the most famous encryption method which provides not only confidentiality of the data but also integrity of data over the network which is not secure. It creates a secure channel for the data to pass from one network to another network. It also uses public-key cryptography to authenticate user and even network. I hope this will help you.