Make a change to iptables to restrict further ssh from the host. [Action Craig]
Use of AFS+SSH to solve end user managed access control means that iFriend write access to Git repositories for collaboration will probably not work as-is (would require full DICE account). Needs consideration (e.g. use https instead) but does not need to block this approach. [Action Craig]
Investigate using SSSD minimal cacheing to protect against connectivity issues, although this may just be an action to create a separate project. [Action Ian]