It's practically 2009 and too many of us still use a jumble of letters and numbers as passwords. A New Year's resolution to keep: here's an ultra-short tutorial on never typing your password into a remote host again. First, the MacOS client version.
- Create a key and encrypt the private side with a strong passphrase: ssh-keygen -t dsa
- Add it to your Keychain: ssh-add -K .ssh/id_dsa
- Establish trust: cat .ssh/id_dsa.pub | ssh some.remote.net tee -a .ssh/authorized_keys (or email that file to someone who can do this for you)
- Now go disable passwords for SSH on that remote server by adding PasswordAuthentication no to /etc/sshd_config and restarting the SSH server. You are now immune to SSH brute force attacks.
Repeat steps 3 and 4 for every remote machine you use, but make sure you have a secure backup of that private key!
I practically never use Linux from the console any more, so I won't contribute a tutorial for that today. PuTTY and Pagent make this pretty damn easy on Windows. No more excuses!
That solves the shell session password issue. For the rest, the solution isn't so neat and tidy. sudo apt-get install pwgen to create super strong (but somewhat memorable) passwords for local accounts and websites. Turn on FileVault or FireFox's master password and let software deal with authentication for you.