Couple oddities came up working a bit from home:

an unknown (to me) user had submitted requests to SKM for access to the sysuser and root accounts on alh.  Exchanged a few emails with Jerome and Chanaka and determined that the requests had no merit, and were likely mistakes, so removed them.

Jack E. want to work on the sclrscratch machine but found he couldn't log in to the trg account.  Tracked it down to an incorrect SELinux security context on ~trg/.ssh/authorized_keys.  However, the authorized_keys files for the root and wbetts account both had the correct security context.  No idea why trg's file was different, but fixed it (restorecon) and set SELinux to permissive mode (as has become the norm, because tracking down its denials of non-standard services gets tedious.)