use the Match config file directive:
Match Address 10.0.0.0/8
The server not being able to force policy on the clients is inherent to the client-server system: If you client is un-trusted, you cannot enforce anything on it.
Unfortunately, while current OpenSSH supports multiple authentication options, they cannot be "stacked" - if you manage to authenticate in one way, you are in.
In my blog I suggest a solution: I show a way to force OpenSSH to ask for a (server based) password after key based login,. This way you can enforce password policy on the server (strong passwords, etc...) with the standard tools, and also require a key. The key can now be password-less.
SSH Persistent Tunnels : It's GPLv3, complete with building instructions:
but for $1.50 you can just save yourself the hassle of setting up the android SDK and install the binary from Google Play, complete with automatic upgrades etc...
While this can be done using separate email and calendar apps, where the calender is a viewer for invites that the email app receives, and the calendar app sends invites/replies to invites directly using the MTA, it's much more convenient to be able to just be able to see the invite in the email app, see if it conflicts with an existing event, and click "accept" ro decline or whatever, all in the email app, in the message view pane.
2. For a really cheap alternative, try buying an NSLU unit used (called SLUG by it's affectionados). it should be ~$20. It takes 5W! I run squeeze on it. I have one connected to an external 500GB 2.5" unit,. It uses only the 5W power supply. It's on 24/7 doing backups from gmail, and photo backups, and serves multimedia files via SAMBA. It is quite slow, but it does the work
3. Slightly higher power -- pogoplug at ~$50 on ebay. This should be fast enough and very low powered.
Save the whales. Collect the whole set.