So ssh keys are noted as being more secure and password login should be disabled.
But if both the private and public keys are stored in cpanel (well, on the server and cpanel links to them) isn't that just as dangerous if a hacker could find a way to collect those files?
Should public keys be removed from the server or does it actually need them for the auth process?
But if both the private and public keys are stored in cpanel (well, on the server and cpanel links to them) isn't that just as dangerous if a hacker could find a way to collect those files?
Should public keys be removed from the server or does it actually need them for the auth process?