The ssh password is maintained in clear text on the Gold. I would propose that this is not a good practice and the password should be hashed or the file it's in be encrypted.
This means that any support person who had remote support access can continue to have access (until the next boot or ssh pw change) even if Remote Support is disabled.
For obvious reasons I won't go into further details.
Please sign in to leave a comment.