There appears to be a bit of a snafu where the sshd defaults are not what we
thought they were.  We wanted cleartext password authentication to be
disabled by default (that is, have sshd only use public key pairs), but it
appears that it might be enabled by default.

If you do not use cleartext password authentication for remote logins
please be sure to disable it in /etc/ssh/sshd_config.  Many people with
workstations use a simple password to log in to X which they do not intend
to be usable for remote logins into the machine.

PasswordAuthentication no

and kill and restart /usr/sbin/sshd.  sshd can be restarted without killing
existing sessions by killing the main server by its pid, then running
'/usr/sbin/sshd' to start it up again.  sshd does not have to be recompiled.

-Matt
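
An added example, not part of the original message: a small check of what an sshd_config file actually sets for PasswordAuthentication. sshd uses the first value it finds for a keyword, and a commented-out line leaves the compiled-in default in force. The function names and the SSHD_CONFIG variable are hypothetical, and the sample file is constructed.

```sh
#!/bin/sh
# Print the global PasswordAuthentication value from an sshd_config file:
# "yes"/"no" if set, "unset" if the keyword never appears before a Match block.
password_auth_setting() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # drop comments, trim
        $0 == "" { next }
        {
            split($0, f, /[ \t=]+/)          # "Key value" and "Key=value" are both valid
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # only the global section is checked here
            if (key == "passwordauthentication") {
                found = 1
                print tolower(f[2])          # first occurrence wins
                exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when password logins are explicitly disabled.
check_sshd_config() {
    setting=$(password_auth_setting "$1")
    case "$setting" in
        no)  echo "OK: $1 disables password authentication"; return 0 ;;
        yes) echo "WARN: $1 enables password authentication"; return 1 ;;
        *)   echo "WARN: $1 does not set it; the compiled-in default applies"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored, and the later "no"
# is shadowed by the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
Port 22
passwordauthentication yes
PasswordAuthentication no
EOF

# Set SSHD_CONFIG=/etc/ssh/sshd_config to check a real file instead.
check_sshd_config "${SSHD_CONFIG:-$sample}" || true
rm -f "$sample"
```

On OpenSSH releases that support it, `sshd -T` prints the effective configuration, compiled-in defaults included.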
