* When generating the initial ssh ley, use -C option to keygen so that the comment field is rational. Now set to $user@$domain. * Add -f (force) option to use in conjunction with -i (inituser) option to regenerate the initial (unencrypted) ssh key. The user's auth_keys are files are regenerated as well. The bad thing about all this is that you have to go remove any old keys by hand via the web interface since we do not mark the key we generate in the DB.