Hello,
If I set up an SSH connection simply using the password, with a numerical password of 8 digits, it will be very easily crackable, right? If I leave port 22 open on the PinePhone, and I connect to a Wi-Fi network other than my LAN, or to 4G, will my device be vulnerable to brute force attacks?
I see now how those instructions could be confusing if you're not already familiar with ssh. You need to generate the public/private key pair on whichever machine you want to ssh from (your desktop, laptop etc.) then copy the public key into the user's ~/.ssh/authorized_keys file on the phone. The example uses ssh-keygen to generate the keys, and ssh-copy-id to copy it via the existing (password based) ssh route. This assumes you're using Linux or other *nix-compatible system where these commands are available - I think this may also include WSL/WSL2 on Windows but I don't have experience with that. PuTTY does things a bit differently IIRC - it's some years since I used it, but I remember a web search finding suitable instructions fairly easily. That may be helped by already knowing what I was looking for though. Once you've configured the use of keys it should 'Just Work' so you can test it before changing anything on the server (phone) end. Once you know it's working you can change the /etc/ssh/sshd_config on the PinePhone to disable PasswordAuthentication and optionally change the port, then restart the server so it uses the new settings.
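The two checks in the reply above (confirm key login works, then confirm password logins are really off), as an added example that is not part of the original post. The function names are hypothetical, and the host and file arguments are whatever applies to your setup.

```shell
#!/bin/sh
# Added example: pre-flight checks around disabling password logins.
# Function names and arguments are assumptions made for this example.

# Succeeds only if a key-based login works. BatchMode=yes stops ssh from
# ever prompting for a password, so a password fallback cannot mask a
# broken key setup. Run this from the desktop/laptop, e.g. user@phone.
key_login_works() {
    ssh -o BatchMode=yes -o PreferredAuthentications=publickey \
        -o ConnectTimeout=5 "$1" true
}

# Print the value sshd would use for a global keyword in the given file.
# sshd keeps the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Limits: Include'd files are not followed and parsing stops at the first
# Match block; "sshd -T" run as root on the phone is the authoritative check.
effective_setting() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                     # drop comments
        NF == 0 { next }                       # skip blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# Return 0 if password logins are off in the file, 1 otherwise.
# An unset keyword counts as enabled because sshd defaults to "yes".
password_auth_disabled() {
    [ "$(effective_setting PasswordAuthentication "$1")" = "no" ]
}
```

Run `key_login_works` before editing the phone's config, and `password_auth_disabled /etc/ssh/sshd_config` on the phone after editing and before closing your existing session.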
I am using Linux. I see I made a lot of mistakes trying to do that. I generated the keys on my phone lol
I've updated the wiki entry - please report back if it's still confusing or you find anything wrong.