Introdution
mcabber is a small Jabber console client.
mcabber includes features such as SASL/SSL/TLS support, MUC (Multi-User Chat) support, history logging, command completion, OpenPGP encryption, OTR (Off-the-Record Messaging) support, dynamic modules and external action triggers.

otr setup
http://blogs.fsfe.org/smc/?p=21
mcabber man
http://mcabber.com/files/mcabber.1.html

A SSH tunnel consists of an encrypted tunnel created through a SSH protocol
connection. A SSH tunnel can be used to transfer unencrypted traffic over a
network through an encrypted channel.

"Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes.

Mosh is a replacement for SSH. It's more robust and responsive, especially over Wi-Fi, cellular, and long-distance links.

Mosh is free software, available for GNU/Linux, FreeBSD, and Mac OS X."

awesome!

Currently we manage it by manually editing ~/.ssh/authorized_keys files on every account that needs that, but that is a lot of work and prone for mistakes.

Is there any ready tool to manage public keys in such scenario? Do you have your own solutions? Or is that whole idea of managing systems this way flawed?

I have always been intrigued with encrypted network tunnels, be it ipsec(4) or ssh(1). Yet, I don't think that anything beats SSH VPN tunneling on OpenBSD for a quick, elegant and stealth-like solution without the IPsec headaches.