: :> * Do not allow any login, root or otherwise, via tunneled plaintext :> password (previously: non-root logins were allowed via plaintext password). : :This means that people won't be able to ssh into a new DragonFly system :until keys for any given account have been created, correct? Unless they go in and change /etc/ssh/sshd_config, which isn't much different then what people had to do before when root logins weren't being allowed by any means. Generally speaking something like the 'rconfig' utility could be used to pull a configuration from another machine, verses pushing it via ssh. There is no need to type a key in by hand, the new machine's ability to access external networks is not effected. :Would it be worth changing the new user creation process to autocreate :keys too? I'm trying to think of ways to reduce the (admittedly already :small) administrative overhead from this. That's a hard call because entropy is not necessarily in a good place during the installation process. I suppose by the end of the installation process it would be reasonable. I dunno. -Matt Matthew Dillon <dillon@backplane.com>