[olug] ssh/sftp/scp questions
Thom
id4spam at cox.net
Sun Jul 27 17:12:44 UTC 2003
Has anybody found a SSH solution that's easy to administer and keeps the
keys on the users' PCs secure?
That logs the sftp and/or the scp data transfers?
I'm using SSH on my HP Unix boxes at work. Currently, there are only a
handful of local users directly accessing our boxes with it so I'm
simply having them log in using a password.
We've got a project in the works to convert an application to our HP
systems. It's going to require 60-100 people to log onto one of our
servers as well as transfer files back and forth.
Currently, this application resides on another box in another state
under another admin. <== That was a Disclaimer before I tell you the rest!
The users access it using telnet and ftp ( with .netrc files ) from
their Windows PCs.
The user IDs are not jailed using chroot.
The data is sensitive.
As mentioned, the users are used to .netrc files to make the ftp process
password free. I'd like to give them similar ( but secure )
functionality using PuTTY and ssh-agent. Of course, that will make
their SSH session easier too.
Basically, I'm wondering about the administration of the keys.
Public Encryption ( RSA, DSA ) v. Symmetric Encryption ( 3DES )
I'm not sure whether PuTTY supports RSA or DSA, but if that's the way to
go I'm sure I can find a product ( for a price ) that does.
When the user creates their own private key, is there any way to ensure
that they've used a relatively secure passphrase?
3DES is much faster, ( 1000x ? ) but requires secure distribution of the
key and each user would have to have a different key. I don't believe
that these keys can be passphrase protected?
Thanks.
Thom