SSH brute force China and Linux: best practices

> also enforce either strong passwords or require no passwords (e.g. keys
> only) and everything should be cool.

What is 'password'?

"password" is that thing that you use when you don't want one compromised
"passphrase for your DSA key" to give access to every resource under the
sun that you have access to.

Keys are fantastic when used to access a resource with relatively
permissive (or no) IP-based access lists, automated applications, etc.

However, where I have a resource that's already heavily restricted for
SSH by ACL, I sometimes prefer an actual password that has to be dredged
out of memory.
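
The two positions in this thread, keys only by default and passwords on a resource whose SSH access is already restricted by ACL, can be combined in one OpenSSH server configuration. This is an added example, not part of the original message; the 192.0.2.0/24 range is a placeholder standing in for the ACL-restricted source network.

```conf
# Constructed sshd_config fragment (added example).
# 192.0.2.0/24 is a documentation placeholder, not a real management network.

# Default for every source address: keys only, so password guessing
# from the wider Internet has nothing to guess against.
PubkeyAuthentication yes
PasswordAuthentication no
# Named ChallengeResponseAuthentication on older OpenSSH releases.
KbdInteractiveAuthentication no
MaxAuthTries 3

# Exception for sources that an IP-based ACL already restricts:
# require a password, so a stolen key file alone is not enough here.
Match Address 192.0.2.0/24
    PasswordAuthentication yes
    AuthenticationMethods password
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon.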

