by konha 843 days ago
Why not use ssh certificates at that point?

I assume OP’s system was to allow A to ssh to B, but not to C. (With a lot of different As and Cs)

Where “but not to C” is the reason for existence.

How do certificates simplify that part?

(Never used them, but my understanding is they are useful when you want x1,x2,… ssh’ing into y1,y2,…; two uniform sets; if set sizes approach 1, then cert usefulness approaches zero)

It would have been a good use case, but unfortunately no, if your key was registered it would be left alone on all servers (though you had to place it, and access control was done by way of bastions).

Ssh certs weren't used because the system was put in place before they became commonplace.