I'm looking into locking down ssh some more. It seems that google provides a PAM module to enable a one time password as part of two factor authentication. But changing sshd.comfig to have: AuthenticationMethods publickey,password Would require both a password and a key. Since I'm in no hurry to get Google involved, I thought I might give it a try. Anyone have any thoughts or played around with this? -Gary