I think this is our chance to get people to think more seriously about security in a world where plain-text password access has been under serious attack for the last 20 years now, and getting more serious every day. Passwords for shell access (via ssh) are dead in the modern world, It is just too dangerous in my view. This doesn't affect workstation or console logins or su, only incoming ssh connections. And this only affects new installs, not upgrades. If a user installing a new system wants to use a password for incoming ssh access they have to enable it for ssh in /etc/ssh/sshd_config... that really is not any more complicated then users who wanted to enable incoming root access via ssh and also had to (previously) edit /etc/ssh/sshd_config. Now both cases are uniform. Sshd by default allows you to use public keys but not passwords on new installs. Simple. Hmm. Do users still have to generate the host keys or does our installer do that now? I personally believe that installing a ssh key by pulling it over a network, e.g. with 'fetch', is just as easy as installing a password. The network has to be operational to access the machine remotely anyway so... Not only that, but we already have remote configuration tools (rconfig) which can be used to grant initial remote access by installing appropriate keys. OPIE would be a cool thing to have, I won't stop anyone who wants to make that work. -Matt Matthew Dillon <dillon@backplane.com>