That's what I thought. It's always struck me as a limitation of the ssh auth approach. While I can't insist on a good password, I'd like to be able to insist upon password-protected keys (at least as a default -- exceptions for some system processes / activities).