The karaf agent needs to be enhanced to be able to set up an ssh agent and use a public/private key.
The ssh server need to be configured with a public key authentication that could delegate to the KeystoreInstance using certificates.
The goal would be support the following use cases:
- once a user is logged into a given karaf instance, he can connect to any other instance (provided that the public key is supported)
- the stop script could use the ssh agent so that you don't need to launch it with a password on the command line
A set of commands to administer the keystores might be interesting (maybe a console plugin too, but we need to check with what Geronimo provides in this area).
Btw, I wonder if Apache Shiro would help in any way for all the security stuff.