[Snawoot]

OpenSSH supports server verification via certificates. So one can sign all his installations with common trusted certificate and do not reinvent the wheel. Certificate authentication may be applied both for client and server.

Related readings: https://ef.gy/hardening-ssh https://access.redhat.com/documentation/en-us/red_hat_enterp...