diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh
index 4f1fcf1b8..2e8f6a482 100755
--- a/roles/iiab-admin/templates/lxde_ssh_warn.sh
+++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh
@@ -1,22 +1,32 @@
 #!/bin/bash
+
+function check_user_pwd() {
+    # $meth (hashing method) is typically '6' which implies 5000 rounds
+    # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password
+    meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2)
+    salt=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f3)
+    hash=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f4)
+    [ $(python3 -c "import crypt; print(crypt.crypt('$2', '\$$meth\$$salt'))") == "\$$meth\$$salt\$$hash" ]
+}
+
 # credit to the folks at raspberry pi foundatioon
-check_hash ()
-{
+check_hash () {
    if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi
    if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi
-   test -x /usr/bin/mkpasswd || return 0
-   SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
-   test -n "${SHADOW}" || return 0
-   if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
-   SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
-   if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi
-
-   if echo "${SHADOW}" | grep -q "${HASH}"; then
-	zenity --warning --text="SSH is enabled and the default password for the 'iiab-admin' user has not been changed.\nThis is a security risk - please go to the iiab-console and use utilities-> change password   to set a new password."
+   #test -x /usr/bin/mkpasswd || return 0
+   #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"
+   #test -n "${SHADOW}" || return 0
+   #if echo $SHADOW | grep -q "iiab-admin:!" ; then return 0 ; fi
+   #SHADOW_PW=$(echo $SHADOW | cut -d: -f2)
+   #if [ "$SHADOW_PW" != "\$6\$iiab51\$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop." ]; then return 0 ; fi
+   #if echo "${SHADOW}" | grep -q "${HASH}"; then
+   if check_user_pwd "iiab-admin" "g0adm1n"; then
+       zenity --warning --text="SSH is enabled and the default password for user 'iiab-admin' is in use.\nThis is a security risk - please change the password using IIAB's Admin Console (http://box/admin) -> Utilities -> Change Password."
    fi
 }
 
-if service ssh status | grep -q running; then
-	check_hash
-fi
+#if service ssh status | grep -q running; then
+#    check_hash
+#fi
+systemctl is-active {{ sshd_service }} > /dev/null && check_hash
 unset check_hash