Very common for UThis is true, also. Again, it comes back to the reason I use SCP. Getting your hands on the Key AND the Password are difficult enough, and if the hacker managed to get all that information and get in....well, maybe you should consider posting a "Security Admin for Hire" job posting on your server for next time he gets in
This can be very bad if you need to access the server remotely, or you are not at home. The only way to do this, and ensure you'll be able to access your server anytime you need to, would be to set up a VPN for when you are away from the primary (static) computer. Another problem you run into is if the ip address changes, you have to figure out a way to update your server to reflect it so you are not locked out.
You are only as secure as your weakest link. You cannot rely on the security of your client accounts for the security of your site.
I manage a web server with a bunch of FTP accounts on it. One of them just got hacked and the site had javascript injected into it. The thing is that the password was ultra-secure. Does anyone have any idea how they got in? The server logged a valid user login in the FTP log.
Thanks for the help.