A weird quirk of Opalstack so far is that when you set up SSH key-based auth (public key in ~/.ssh/known_hosts, etc.) you'll still periodically be asked for the server password, after which key-based auth works as expected. That seems... suboptimal. If I have set up key-based auth, it should just work and I should never be asked server-side for a password. Asking for a server password but only sometimes defeats the purpose of setting up key-based auth.
This is a potential issue for a client who I'd like to move to Opalstack, and who relies upon a number of third-party devs, where the best model is not to share the server password but instead to allow SSH key-based login for SFTP and command line access that can be monitored and revoked when no longer needed.