The BUG uses dropbear at its SSH daemon. You can create a .ssh directory under the home directory of the root account and place an authorized_keys file in there, just like you could on most servers that support SSH. See a previous posting by me for more details.
Not specifying a passphrase when setting up your keys is super convenient, but it does mean anyone with access to the computer that has your private key can access your BUG without restriction. So you may choose to use a passphrase, but if you have an SSH agent on your computer this is still more convenient (and more secure) than using plain password authentication.