A (hopefully) harmless intrusion brought to our notice the default /etc/hosts.equiv in 3.5 and 4.0 The default consists of a single "+", which in this context means ALL known hosts are trusted. An empty file seems a much better choice. Bernard Silver