Different remote SSH access password than user account password

Is it possible to have a different password for SSH access than your user password?

I would like to have a strong password for remote SSH/SFTP access, while having a password that is fast to type on my user account.


Solution 1:

You can only have one password for one and the same account, but for SSH and SFTP you can further restrict access to make it more secure.

One thing you can and should do if your SSH server is available to the public is disable password authentication altogether:

Edit /etc/sshd_config (requires root credentials) and uncomment the line:

#PasswordAuthentication no

Next uncomment and change the following directive to no.

#ChallengeResponseAuthentication yes

Now you can only authenticate with SSH keys and authenticating with passwords is disabled. To set up a public and private key I'd refer you to the following documentation.

Additionally, you can also restrict which accounts can log in over SSH and, for example, only allow one specific user (which can be different from your day-to-day account and can have a more secure password). You can do that right from the Sharing preference pane.
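
One way to check that the two sshd_config edits described in Solution 1 actually took effect, as an added example that is not part of the original answer. The helper names `effective_value` and `password_login_disabled`, the constructed sample files, and the assumed upstream OpenSSH default of `yes` for both keywords are assumptions.

```shell
#!/bin/sh
# Added example: report the effective global value of an sshd_config keyword.
# sshd uses the FIRST value it reads for a keyword, and a line starting with
# '#' is a comment, so a directive that is still commented out leaves the
# built-in default in force. Include files are not followed here.

# effective_value FILE KEYWORD DEFAULT  -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # keywords may be indented
            split(line, f, /[ \t=]+/)          # "Key value" or "Key=value"
            k = tolower(f[1])                  # keywords are case-insensitive
            if (k == "match") exit             # Match blocks are conditional
            if (k == key) { val = f[2]; exit } # first occurrence wins
        }
        END { print val }
    ' "$1"
}

# password_login_disabled FILE -> status 0 only if both directives are "no"
password_login_disabled() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" ChallengeResponseAuthentication yes)" = "no" ]
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed samples (not taken from a real host):
# "before": both directives still commented out, as in the answer.
printf '%s\n' '#PasswordAuthentication no' \
              '#ChallengeResponseAuthentication yes' > "$tmp/before"
# "after": both uncommented and set to no.
printf '%s\n' 'PasswordAuthentication no' \
              'ChallengeResponseAuthentication no' > "$tmp/after"
# "shadowed": an earlier "yes" overrides the later "no".
printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' \
              'ChallengeResponseAuthentication no' > "$tmp/shadowed"

for f in before after shadowed; do
    if password_login_disabled "$tmp/$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login still possible"
    fi
done
```

On a live host, `sshd -T` prints the configuration that sshd itself resolves, which is the authoritative check.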

Solution 2:

If you're looking for strong security over SSH, I recommend using key authentication. You have the option of assigning a password to a key. You can be the judge of how strong the password for your key needs to be. Remember that a medium-strength key password with the key yields stronger security than simple password authentication, assuming that you've properly secured your private key.

The basic process is:

  1. Generate a public / private key pair using ssh-keygen (see link above)
  2. Copy / Append your public key to ~/.ssh/authorized_keys on the remote host.

To copy your public key to the remote host painlessly, grab and run ssh-copy-id once you've generated your key pair.