What I do to reduce odds of lockout when I'm traveling is this: accept passwordless ssh first, and if that fails, fall back on 2-factor auth (password + Google Authenticator). I could still get locked out if my phone/laptop both get stolen, but in that case I can retrieve the ssh private key from an encrypted locker in the cloud someplace (protected by a different, memorized passphrase).
You should also encrypt your private key with a passphrase, using 'ssh-keygen -p'. The ssh-agent allows you to use it repeatedly for the duration of a session without having to retype the password multiple times. I often wish sudo had functionality similar to ssh-agent: a way to require a token established at session start, rather than a password entered every time. -rich _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
