Why SSH Key Management Is Broken and How Certificates Fix It

If you manage more than a handful of servers, you already know the pain. Every new developer who joins the team needs their public key added to authorized_keys on every server they need access to. Someone leaves? Good luck remembering all the places their key was authorized. And let's not talk about the first time you SSH into a new server and have to decide whether to trust that host fingerprint you definitely didn't verify. SSH certificates solve all of this, and they've been baked into OpenSSH since version 5.4 (2010). Yet almost nobody uses them. Let's fix that. The Root Problem: Trust Doesn't Scale with authorized_keys The traditional SSH model works fine for one person with three servers. But it falls apart fast: Onboarding is manual. Every new team member's public key needs to land on every relevant server. That's N users × M servers worth of configuration. Offboarding is terrifying. Did you remove that key from every server? Are you sure? What about that one bastion host nobody