That's quite interesting, but it sure looks like it's unable to encrypt the only part of the session that I really want to encrypt: the password. --- Jef True - that's why I suggested using one-time passwords before you get to that stage. I'm using s/key myself. If you can't install s/key checking in login, you can use an s/key shell as a user process (assuming you can change your shell that is). By the way, S/Key *doesn't* need an intelligent card - you can do what I do and print off 100 passwords small on a credit-card slip. I fetched it as soon as I discovered this. It's not a perfect system but it helps. G