How to improve security and your comfort when logging in remotely to a linux machine?

What is public key authentication and why use it?

It is a (mostly - you can secure your private key with a password) passwordless method of authentication:

The motivation for using public key authentication over simple passwords is security. Public key authentication provides cryptographic strength that even extremely long passwords can not offer. With SSH, public key authentication improves security considerably as it frees the users from remembering complicated passwords (or worse yet, writing them down).

In addition to security public key authentication also offers usability benefits - it allows users to implement single sign-on across the SSH servers they connect to. Public key authentication also allows automated, passwordless login that is a key enabler for the countless secure automation processes that execute within enterprise networks globally.
https://www.ssh.com/academy/ssh/public-key-authentication

As stated before, this method of authentication revolves around a pair of keys - public and private; the private one should be properly secured and not distributed anywhere - it is only for your use; the public part on the other hand can be shared and uploaded to remote hosts for easy and secure authentication.

Besides authenticating yourself at another host, you can use such keys to authenticate at GitHub, GitLab, and many other services!

Generating and using keys on linux

Using ssh-keygen

To generate a key pair use following command:

ssh-keygen -t ed25519 -C "<comment>"

Note: on some (usually older) systems that don't support ed25519, you should use RSA:

ssh-keygen -t rsa -b 4096 -C "<comment>"

The comment which is added to the key is usually either your email or identification of the purpose of the key (for example the name of a host that will use the private key - to easily see on remote servers which public key belongs to which host).

ssh-keygen will ask for a password to protect the private key (to skip this step confirm without typing the password), and where to save key files (when using non-standard key filenames/paths additional ssh client configuration will be required) - said location can be also passed using -f <path & filename> parameter

Using private keys with custom names

If you left the default key filenames, ssh client will try them by default, if you created a custom name (for example - you have several key pairs) you need to specify the keyfile to be used - you can either pass it as a parameter to ssh command:

ssh -i ~/.ssh/mykey user@host

or you can add it to your ssh configuration at  ~/.ssh/config (this can be configured either globally, or for a certain Host):

IdentityFile ~/.ssh/mykey

Setting up public key on a remote host

The public key should be appended to the ~/.ssh/authorized_keys of the remote host's user that will be used. If you need to create .ssh directory and authorized_keys file, ensure they have proper permissions (0700 for .ssh and 0644 for authorized_keys).

Using the keys

That's it! You can use all the services that are based on ssh protocol (ssh, sftp, scp, and others).

Generating and using keys on Windows

Using PuTTYgen

To generate keys that can be used with Windows programs (such as PuTTY/Pageant or WinSCP), you can use PuTTYgen, which is a part of PuTTY CAC.

In the PuTTYgen dialog you can select the algorithm - the suggested one is Ed25519, although you may need to use RSA (and specify 4096-bit key size) if remote system supports only older ciphers.

After clicking "Generate" you'll need to create some random seed by moving your cursor within the dialog box; afterwards you can add a comment (usually your email or name of the host that'll hold the private key) and a password to protect the private key. Finally, you can save the files (one for each key) in a desired location (in this case the filename doesn't matter that much).

Setting up public key on a remote host

Before following the aforementioned instructions, you need to adjust the form of the public key; PuTTYgen creates something like this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "sample-ed25519-key"
AAAAC3NzaC1lZDI1NTE5AAAAIL1fL7MfhYHEnPefKW1OcbJYJFLFdhWjUut9cQM1
VSlW
---- END SSH2 PUBLIC KEY ----

You need to change it to <cipher> <key> <comment>, like this:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1fL7MfhYHEnPefKW1OcbJYJFLFdhWjUut9cQM1VSlW sample-ed25519-key

After these edits, you can add the key to authorized_hosts, or pass it to someone else.

Using the keys

PuTTY

When creating a new connection (or editing an existing one), you can navigate to Connection > SSH > Auth, and in Authentication parameters field group, you can set the path to your private key file, that should be used for authentication (remember to save the connection settings in the Session category!).

WinSCP

When editing advanced settings of the connection, you can navigate to SSH > Authentication, and set the path to your private key file.