One thing I've found useful is Kerberized SSH access, which lots of large institutions (e..g. university departments) happen to offer. Ordinarily, you have to install a SSH key on all machines you'd like to use or remember a password for all of those; under best-practices use, users have encrypted keys that require a password at each use. Kerberos can maintain a more secure environment while generally being more convenient, since tokens last for 24 hours and can't easily be stolen like SSH keys. Also, if a key needs to be revoked, Kerberos can destroy all tokens at once, which is beneficial if you forget which servers your key is on.
If you happen to have Kerberos credentials, it's generally fairly simple to setup with SSH. I only needed to include this line in my $HOME/.ssh/config:
Host *Getting a Kerberos token tends to only require running kinit user@REALM like such :
matt@badwolf> kinit user@ECE.VT.EDUand then you can ssh without a password. You need to run kinit -R before your tokens expire if you don't want to have to enter a password to authenticate again. I've been meaning to daemonize this for convenience, but haven't had a need to lately. As a shameless plug, VTLUUG now offers free Kerberized shell accounts for those that come to meetings.
Password for user@ECE.VT.EDU:
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@ECE.VT.EDU
Valid starting Expires Service principal
12/20/12 17:30:36 12/21/12 17:30:32 krbtgt/ECE.VT.EDU@ECE.VT.EDU