Right now if you SSH into the virtual appliance you can run commands as root without typing a password. While this is convenient it seems somewhat dangerous. It would probably be a good idea to require credentials as well as having a timeout (5 minutes or less) on the rights elevation.
