Do you access a server with username and password? It's a combination padlock facing the street
✍️ This post was written with two hands. The story — the first part — is Murilo's, lived and told by the person who was there. The technical manual , at the end, was written with AI. The split is intentional and marked in the text. Nothing hidden about the seam: part is human, part is machine, and the reader sees both. If you've ever managed or logged into a web server and never set up SSH keys, it's because you don't yet know the real risks of a break-in — and that's okay. Until you find out what can happen. Logging into a server over SSH with a username and password is like locking the front door of a house that faces the street, with nobody keeping watch. Anyone can try as many combinations as they want, freely. And setting this up takes almost as much time as typing a username and password — and it makes getting into the server much faster and easier afterwards. Ignorant of best practices, I managed my servers for a long time by typing: ssh user@server-ip password That nearly cost me dearly, the day I found out my server had been broken into. After that incident, I realized just how vulnerable a username and password are on SSH. Today I can't say I sleep soundly — no system is completely break-in proof — but I sleep a lot better (and honestly, I always slept well, until I started managing servers). Waking up on a fine Sunday morning to do some maintenance on the server, and finding out it was broken into through the front door because you left a combination padlock facing the street — that is not the kind of surprise I'd wish on anyone. I have a degree in Law. I worked for 15 years in the legal field at a public institution, until I decided to venture into the world of programming. And where did I end up? Managing systems at the institution I work for, after spending some time building automations in Python. Managing systems wasn't exactly what I had in mind when I wanted to learn to code and understand the world of programming. But that opportunity ended up tea