If your headless, or remote, server is visible over the Internet, you should use public key authentication instead of passwords, if at all possible; because SSH keys provide a more secure way of ...