Do you sync your ssh keys to all the machines you login from?
How do you ssh-copy-id without some allowance for passworded logins? Especially if you're doing it from such distant machines that you can't scp over a .ssh/config file.
So, I just ssh to whatever machine I need to work on, but occasionally need to rsync or scp files to/from that server.
Sure, I could have puppet push a ~/.ssh/config file everywhere, just seems more effort than it's worth. After all if a hacker wants to know if you are running ssh, it's not hard to scan all ports for ssh.
Why inconvenience yourself more than the attacker?
How do you ssh-copy-id without some allowance for passworded logins? Especially if you're doing it from such distant machines that you can't scp over a .ssh/config file.