Agree but even if you compromise the white list, you still need to get over ssh's own security, so I see that as adding another lock rather than substituting it, and mostly as a protection against someone scanning the IP address space when a new unpatched zero day surfaces.

As for the desktop environment, you can add an API to the website.