Based on this evidence, does anybody object to a bug report being filed against openssh-server, saying that password authentication should be disabled by default? Of course, that leaves all my ideas in serious trouble, but that's a secondary matter. - Andrew