[needs-packaging] openssh-x509 - native support for X.509 v3 certificates in openssh
Some shops use x.509 certificates to restrict access to openssh.
(In fact, one shop I know of says that's how they kept a penetration tester from getting too far.)
Upstream openssh refuses to support that feature because they feel it would increase their attack surface (see http://
Perhaps Ubuntu can package openssh-x509 as a separate package, so users who ask for normal openssh aren't subjecting themselves to the increased attack surface, and users who need it can get it.