Right now the bastet and adventure demos are working for me but nano is down.
They have deliberately low max-session limits...
I did consider doing persistent sessions, but on reflection I decided that it's better to do that at the next layer down i.e. using screen. Then configure Anyterm to invoke screen, rather than "ssh localhost". I should probably mention that in the docs.
There is no sensible way to do key-based auth. One-time passwords of some sort might be the best alternative. TBH it's fundamentally not well suited to situations needing more than modest security.