[ithkuil]

The alternative would be to use certificate authorities (ssh has CA support) which allow to effectively have private keys at different levels and allow you to keep the root private key in a physical vault and use it very rarely to issue other private keys

[datadeft]

This would just offload the problem to a separate entity. CAs can be (and have been) compromised.

[ithkuil]

Sure, but isn't it more likely that a key that has to be shared by who knows how many ssh load balancer machines at GitHub and can't be easily rotated because it's pinned by millions of users, isn't it more likely that that private key gets eventually compromised or thought to be at risk at being compromised?

We need to compare the relative risks within the same context, namely within a company like GitHub

So it's not relevant to bring up failures of other CAs

[terom]

And then don't forget to setup key revocation as well, and make sure that an attacker in a position to MITM the connection cannot cause the revocation checks to fail-open.

I hope you don't need that SSH connection to fix your broken CRL endpoint!