
I got sick of my shared hosting on GoDaddy, so I signed up for a Cloud Server on Rackspace. A friend walked me through installing apache, and locking down root. He also advised me to disable password login and use SSH keys. So I did.

Said friend walked me through setting up an ssh_config locally, so instead of logging in with ssh username@server, I use ssh alias. This works, but it's largely frustrating because I have no clue how it's actually working behind the scenes.

Moshe

  • Security is a process. Key-based remote access through SSH may be part of that process, but not necessarily so, depending on what else you're doing. It also most likely isn't the end of that process. – cjc Dec 17 '12 at 14:06
  • http://security.stackexchange.com may be a better place to ask this. You should also consider rewriting the question, as you ask a question in the title (is xy needed) and appear to ask a different one (how does xy work) in the body. – user9517 Dec 17 '12 at 14:10

1 Answer

SSH keys are essentially extremely long passwords. They are so long that normal people can't remember them, so they have to be saved. From a security perspective there's little difference in the possible level of protection provided by each. The big difference is that people pick terrible passwords, especially people who think they know how to pick an "ok" or even "good" password.

SSH doesn't rate limit login attempts. So a "normal" setup will allow 100+ password guesses per second. Using a tool like Hydra, password guessing can be automated enough to make this process trivial. Almost half of people use the same million passwords; at 100/s it takes minutes to break if their username is known. I'll bet your username is based on your real name, like the vast majority of people.

SSH Keys break this pattern by generating what is essentially a password 128 characters or longer. Guessing at something like that would take an astronomical amount of time. There's really no point in even trying. The would-be hacker will die of old age before he can get through 1% of possible keys.

This problem with people picking passwords that they think are good is summed up nicely in an XKCD comic (note that young people on the whole pick much worse passwords than old people too):

XKCD - Password Strength

Chris S
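Two things the thread leaves abstract are what the `ssh alias` shortcut from the question actually expands to, and how to confirm that the server really refuses passwords once keys are in use. The script below is an added example, not code from the question or the answer. The client config stanza, the host `203.0.113.10`, the user `deploy`, the key path and both sshd_config fragments are constructed for illustration; `resolve_alias` is a simplified model of how the ssh client maps a `Host` stanza to connection parameters (real ssh also handles wildcard patterns and applies first-obtained-value-wins across several stanzas), and `key_only_login` assumes OpenSSH's defaults of `PasswordAuthentication yes`, `ChallengeResponseAuthentication yes` and `PubkeyAuthentication yes` when an option is absent or commented out.

```shell
#!/bin/sh
# Added example (not from the original post): how an ssh_config alias
# resolves, and a check that sshd_config actually enforces key-only login.

# Hypothetical ~/.ssh/config: "ssh web" becomes
# "ssh -p 22 -i ~/.ssh/web_ed25519 deploy@203.0.113.10".
CLIENT_CONFIG='Host web
    HostName 203.0.113.10
    User deploy
    Port 22
    IdentityFile ~/.ssh/web_ed25519
    IdentitiesOnly yes
'

# Constructed sshd_config fragments. The weak one leaves the password
# option commented out, so sshd falls back to its default of "yes".
WEAK_SSHD='#PasswordAuthentication yes
PermitRootLogin yes
'
HARDENED_SSHD='PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
'

# resolve_alias CONFIG_TEXT ALIAS
# Prints "user@hostname port identityfile" for the matching Host stanza,
# falling back to the alias as hostname and 22 as port, like ssh does.
resolve_alias() {
    printf '%s\n' "$1" | awk -v a="$2" '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments/blank lines
        tolower($1) == "host" { inblock = ($2 == a); next }
        inblock && tolower($1) == "hostname"     { host = $2 }
        inblock && tolower($1) == "user"         { user = $2 }
        inblock && tolower($1) == "port"         { port = $2 }
        inblock && tolower($1) == "identityfile" { id = $2 }
        END { printf "%s@%s %s %s\n", user, (host ? host : a), (port ? port : 22), id }'
}

# sshd_option CONFIG_TEXT KEY DEFAULT
# Prints the effective value of KEY: first uncommented match wins
# (sshd's rule); DEFAULT is the assumed OpenSSH default when absent.
sshd_option() {
    printf '%s\n' "$1" | awk -v k="$2" -v d="$3" '
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }'
}

# key_only_login CONFIG_TEXT
# Returns 0 only when every password-style method is off and pubkey is on.
key_only_login() {
    [ "$(sshd_option "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(sshd_option "$1" ChallengeResponseAuthentication yes)" = no ] &&
    [ "$(sshd_option "$1" PubkeyAuthentication yes)" = yes ]
}

# Demo when run directly.
printf 'ssh web -> %s\n' "$(resolve_alias "$CLIENT_CONFIG" web)"
for name in WEAK_SSHD HARDENED_SSHD; do
    eval "conf=\$$name"
    if key_only_login "$conf"; then
        printf '%s: key-only login enforced\n' "$name"
    else
        printf '%s: passwords still accepted (effective PasswordAuthentication=%s)\n' \
            "$name" "$(sshd_option "$conf" PasswordAuthentication yes)"
    fi
done
```

Run `key_only_login "$(cat /etc/ssh/sshd_config)"` on the server after editing; the commented-out line in the weak fragment is the classic mistake, since sshd treats a `#` line as absent and uses the default, which still allows passwords.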