ssh

SSH password authentication is an easy way to get into SSH, but it's also easy for hackers to try to brute force the passwords. Use a password encrypted pub/private keys only and the hacker are given an insurmountable task.

To check a remote SSH server has password authentication available of not, use this quick check:

When sudo into another user, sudo will strip the environment for security reasons. When trying to do root actions that require ssh keys, all access has been lost.

For the root user, these can be kept without caveats because they have access to everything anyway :P So we add the following to /etc/sudoers using visudo (do not etc the /etc/sudoers file directly).

Why? Because it doesn't work with ed25519 keys and utterly takes over the ability run the real one globally.

Use the Ed25519 curve as the ECDSA curve has a shadow over it.

Use this to generate the default identity key file with a password.
ssh-keygen -o -a 100 -t ed25519