SPAM: Re: [suse-security] Openssh + security
Hi,

You can use RSA challenge-response authentication, and the machine you are connecting to will only accept connections if you have a private key (which you protect through a passphrase), provided you disabled simple password login in it (in the file sshd_config, see below). An attacker would need first to obtain a copy of your private key and then would have to guess the passphrase (note that, if he does obtain the private key, he can launch a dictionary attack in the privacy of his room, so the passphrase should be a very strong one).

The inconvenience is that you can only log in from machines where this key is saved (under your directory ~/.ssh) or you have to otherwise carry such a private key with you on a diskette or USB stick. In order to generate such a key, you can use the ssh-keygen command. But, hey, security never rhymes with convenience :-) ...

You should also disable root login via ssh, under all circumstances. And only use the SSH2 protocol; SSH1 has known weaknesses (someone else has just referred to these two options as well).

The file to tweak is /etc/ssh/sshd_config. The list is sort of self-explanatory. If you need further help, check the man pages for ssh, ssh-keygen, ssh-agent and ssh-add. If this does not help, drop me a note, I have a little bit of experience with the use of ssh.

Note that there is a wonderful reference, from O'Reilly, on SSH, 'SSH, the secure shell - The definitive guide', by Barrett and Silverman. It is really a definitive guide, I learned practically everything from there.

As far as I know, the version OpenSSH_4.1p1, which shipped with 10.0, has no known security bugs, but I could be wrong. In any case, there are no patches to it from SuSE. Check the openssh website for more information.

Hope this helps.

Best,
Jaime.
participants (1)
-
Jaime Santos
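
A way to check an sshd_config for the settings the message names (password login off, root login off, SSH2 only), as an added example that is not part of the original post. The sample file is constructed, the defaults are assumed for OpenSSH 4.x, and the ChallengeResponseAuthentication check is an addition here, on the assumption that PAM-backed keyboard-interactive login would otherwise still accept a password.

```shell
#!/bin/sh
# Added example, not from the original post. The defaults are assumptions
# for OpenSSH 4.x (Protocol "2,1", the other three "yes").

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first occurrence of a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # keyword absent: default applies
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per setting and returns the number of failed checks.
audit_sshd_config() {
    file=$1
    failures=0
    # Each spec is keyword:assumed-default:wanted-value.
    for spec in Protocol:2,1:2 PermitRootLogin:yes:no \
                PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no; do
        key=${spec%%:*}; rest=${spec#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$file" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '$got', want '$want'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: password login is off, but root login and the protocol
# are left at their defaults, and a later duplicate line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
passwordauthentication no
#PermitRootLogin no
ChallengeResponseAuthentication no
ChallengeResponseAuthentication yes
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On a real host, `sshd -t` checks the file for syntax errors before the daemon is restarted.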