> Keys are additional credentials, so they don't add any security by themselves. You have to remove a password from an account (set unusable password).
Keys add security if you turn off password-based logins (this is done in sshd_config - you don't need to mess about with the user's passwd).
> However, there are rare cases where you need to access the server from some remote location, when you don't have your SSH private key at hand, and the only credentials you can use are those you keep in your head.
> Obviously, the most important requirement is a strong password, but protecting against brute-force won't hurt.
Your point about not having private keys to hand is a very valid one, and it is why I opt for fail2ban ssh rules against password logins on my own personal servers. But the strength of keys compared to passwords does make key-based authentication a good measure against brute force attacks (purely in terms of the timeline to crack a key).
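
An added example, not part of the comment above: a small Python audit that reads sshd_config text and lists every place a password-style login is still enabled. It assumes `Include` files are not followed and `Match` blocks are only reported, not evaluated; the function names and sample configs are constructed for illustration.

```python
# Added example: audit sshd_config text for settings that still allow password logins.
# Assumptions: Include files are not followed; Match blocks are reported, not evaluated.
DEFAULTS = {  # OpenSSH defaults when a keyword is absent
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # may still prompt for a password via PAM
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive authentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def audit_sshd_config(text):
    """Return (global_settings, match_overrides) for the auth keywords above."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines do not change anything
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            match = " ".join(parts[1:])  # everything below belongs to this block
            continue
        if key not in DEFAULTS:
            continue
        value = parts[1].lower()
        if match is None:
            settings.setdefault(key, value)  # sshd keeps the first value it reads
        else:
            overrides.append((match, key, value))
    return {**DEFAULTS, **settings}, overrides


def password_login_paths(text):
    """List the places where a password-style login is still enabled."""
    settings, overrides = audit_sshd_config(text)
    risky = ("passwordauthentication", "kbdinteractiveauthentication")
    found = [f"global {k}" for k in risky if settings[k] == "yes"]
    found += [f"Match {m}: {k}" for m, k, v in overrides if k in risky and v == "yes"]
    return found


# Constructed sample configs (not from the original post)
WEAK = "PubkeyAuthentication yes\n#PasswordAuthentication no\n"
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nPasswordAuthentication yes\n"
EXCEPTION = HARDENED + "Match Address 192.0.2.0/24\n    PasswordAuthentication yes\n"
```

On a live host, `sshd -T` prints the effective configuration, including anything pulled in through `Include`, and is the authoritative check.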