When creating SSH accounts using the built-in administration text mode UI, there is an issue when entering passwords including the "@" character. This does not weaken security in any way, but can be confusing for end users when their correctly entered password does not work. It may be advisable to inform users about this.

Hashing SSH passwords with external BCrypt tools and entering them into the JSON file containing SSH accounts (either manually or via scripts) should theoretically work, but is neither tested nor supported at this point. Please contact us at <rce@dlr.de> if this is relevant for you.