use the Match config file directive:

PubkeyAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
PasswordAuthentication yes

The server not being able to force policy on the clients is inherent to the client-server system: If you client is un-trusted, you cannot enforce anything on it.

Unfortunately, while current OpenSSH supports multiple authentication options, they cannot be "stacked" - if you manage to authenticate in one way, you are in.

In my blog I suggest a solution: I show a way to force OpenSSH to ask for a (server based) password after key based login,. This way you can enforce password policy on the server (strong passwords, etc...) with the standard tools, and also require a key. The key can now be password-less.

Shai

https://play.google.com/store/search?q=carpool&c=apps

SSH Persistent Tunnels : It's GPLv3, complete with building instructions:
http://code.google.com/p/ssh-persistent-tunnel/

but for $1.50 you can just save yourself the hassle of setting up the android SDK and install the binary from Google Play, complete with automatic upgrades etc...
https://market.android.com/details?id=org.ayal.SPT

Most devices that I know of need to pair physically with their programmer -- something needs to touch the skin above the implant to initiate communications.
At this range, the would-be-assassin can just as well inject something to harm a person, no need for sophisticated communication gear. (a PC analogy: if the PC can be physically compromised, using SSL to access gmail won't help you ...)

As someone working in implanted device development I can assure you that there are many regulations in place to guarantee that not much can interfere with your pacemaker.
For the specific case of shoplifting detector gates, there exists such labs as GTRI which has specific tests for them, and for other types on interference there are many standards (PC-69, EN-45502, and more).
Implanted device software is highly regulated and is developed and tested according to the relevant IEEE standards.
Also note that pacemakers are quite old technology ~1958 and quite mature. So, although it is conceivable that there are bugs in pacemaker software, please give the relevant hw/sw engineers some credit

Actually, I have a cannon camera, the S80 which uses accelerometers to write portrait/landscape data to the EXIF and to orient the display when browsing photos. It's circa 2005, but I'm sure at least canon cameras had this feature before. Also, it's portable.

The email calender connection is simple -- email is used for invitations. invitations to events are sent via email, and the invited parties can accept, decline and such, also through emails.

While this can be done using separate email and calendar apps, where the calender is a viewer for invites that the email app receives, and the calendar app sends invites/replies to invites directly using the MTA, it's much more convenient to be able to just be able to see the invite in the email app, see if it conflicts with an existing event, and click "accept" ro decline or whatever, all in the email app, in the message view pane.

debian on pogoplug

1. I have an eepc 701, 2Gb SSD + external 2TB disk. It's running lenny, and It's been on for about two years, doing an rsync backup every night. I'm not sure what the power usage of this setup is since the eepc 701 is a celeron machine, which is not very energy efficient, and the the 2TB external disk has it's own power supply, but it does show that it can withstand being on 24/7

2. For a really cheap alternative, try buying an NSLU unit used (called SLUG by it's affectionados). it should be ~$20. It takes 5W! I run squeeze on it. I have one connected to an external 500GB 2.5" unit,. It uses only the 5W power supply. It's on 24/7 doing backups from gmail, and photo backups, and serves multimedia files via SAMBA. It is quite slow, but it does the work

3. Slightly higher power -- pogoplug at ~$50 on ebay. This should be fast enough and very low powered.

Actually it wasn't in a deserted road but in Talpiot commercial district in Jerusalem (See this report).
Because of the time difference it blew off an hour early which was (I think) 7:30am instead of 8:30am. 8:30am would have been a very busy time. at 7:30am it was quite deserted.
Also, there was no suicide bomber -- the car was left to blow up with a timer.

I did some online research a few months ago and found BuddyBackup. It lets you store your backups on your friend's disks (and vice-versa). It's free (as in beer) and by the feature list it looks like the company behind it knows backups.

you do know that KeePassX is a post of the windows KeePass and the database is compatible between versions? There is even a portable version you can put on you IronKey, so you don't have to export keepass data tou your IronKey