The authenticity of host 'ssh.example.com (220.127.116.11)' can't be established.
RSA key fingerprint is 96:21:c3:32:3d:cc:18:d5:53:6a:d4:0d:0d:73:c6:1a.
Are you sure you want to continue connecting (yes/no)?
This initial message is what Monkeysphere is designed to fix.
Monkeysphere distributes GPG-signed SSH host keys. If you have the admin's trusted public key, and they sign their hosts' keys, you can trust the host key even if you haven't connected to it before.
Fortunately, for those of us who are a few years younger, there's Oolite.
I have similar platform requirements (less the Blackberry), so a combination of PasswordSafe and pwsafe (which is a compatible command-line version) meets my needs.
The two "hoped for" features that you listed, command-line client and synchronization, are hard requirements for me, which pwsafe meets.
Speaking as an admin, I've seen way too many end users click through certificate warnings for self-signed certs without understanding what they are doing. Firefox is doing the right thing (and now that IE 8 is doing something similar, I'd say they aren't the only ones who think so.)
...to rhyme with 'atrocities' ?
Given its constituency, the only thing I expect to be "open" about [the Open Software Foundation] is its mouth. -- John Gilmore