I have updated the SSH server code in OVMS to remove temporary built-in passwords for jack and jill and public keys for hansel and gretel. Instead there is now real authentication code that fetches passwords and public keys from the config:

- We keep the host key for the server in ssh.server:key. If none exists when the server is started then a background task is forked to create one, using the key generator in WolfSSL with entropy from esp_random(), and install it into the config.

- The key generation also calculates the SHA256 fingerprint of the host key and stores it in ssh.info:fingerprint so that users can verify the key when connecting from a new client. The fingerprint is displayed when the generation is complete and can be viewed any time with "config list ssh.info".

- Passwords may be stored under param password with the instance being the associated username. Alternatively, if there is no password configured for a username then the password stored under instance "module" is used.

- RSA public keys may be stored under param ssh.keys with the instance being the associated username. The key format is as generated on a Linux or Mac system by the command "ssh-keygen -b 2048 -t rsa". This could be a key you already have or a new one made for this purpose. Only the one long string of the base64-encoded key should be stored, not including the "ssh-rsa" at the beginning or the user ID at the end. The key is stored with a command like this:

    config set ssh.keys casner AAAAB3NzaC1yc2EAAAADAQAB...C6p5jcbf4NCnX

Public key authentication is really convenient because most client systems allow authenticating the private key once per login on the client and storing the decrypted private key in a key server. Then each session to the OVMS is authenticated automatically without requiring a password to be entered.
WARNING: If the config does not contain any passwords (including for "module") nor any public keys, then authentication is considered disabled and any user can log in with no password or a random password. -- Steve
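The lookup rules described in the post, worked through as an added example (not OVMS code): reducing an id_rsa.pub line to the bare blob stored under ssh.keys, computing the SHA256 fingerprint in the form an OpenSSH client displays (assumed here to be the form OVMS stores, which the post does not state), the per-user password lookup with its fall back to "module", and the warned-about state where neither passwords nor keys exist. The config shape, key values and usernames are constructed for the example.

```python
import base64
import hashlib
from typing import Dict, Optional

# Constructed config shape: {param: {instance: value}}, mirroring "config set <param> <instance> <value>".
Config = Dict[str, Dict[str, str]]


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def rsa_blob(e: int, n: int) -> str:
    """Encode an RSA public key as the base64 blob OpenSSH writes after 'ssh-rsa'."""
    def mpint(x: int) -> bytes:
        # Minimal big-endian bytes, plus a leading 0x00 when the top bit would be set.
        return ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))
    return base64.b64encode(ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)).decode()


def public_key_blob(pub_line: str) -> str:
    """Reduce 'ssh-rsa <base64> [comment]' (an id_rsa.pub line) to the bare blob kept under ssh.keys."""
    parts = pub_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa <base64> [comment]' line")
    base64.b64decode(parts[1], validate=True)  # fail early on a mangled paste
    return parts[1]


def sha256_fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as OpenSSH clients show it: base64 of the digest, '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def resolve_password(config: Config, username: str) -> Optional[str]:
    """Password for <username>, falling back to the instance 'module' when none is set for the user."""
    passwords = config.get("password", {})
    return passwords.get(username, passwords.get("module"))


def authentication_enabled(config: Config) -> bool:
    """False is the warned-about state: no passwords (not even 'module') and no keys."""
    return bool(config.get("password")) or bool(config.get("ssh.keys"))


# Constructed sample: a toy-size modulus, only to exercise the encoding, never a usable key.
SAMPLE_LINE = "ssh-rsa " + rsa_blob(65537, 0xC0FFEE_DEADBEEF_0123456789ABCDEF) + " casner@laptop"
SAMPLE_CONFIG: Config = {"password": {"module": "module-pass"},
                         "ssh.keys": {"casner": public_key_blob(SAMPLE_LINE)}}
```

The bare blob of any e=65537 RSA key begins with the same "AAAAB3NzaC1yc2EAAAADAQAB" prefix seen in the post's example command, which is a quick sanity check that the right field was pasted.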
Participants (1): Stephen Casner