[longislandguido]

This discussion is full of schizo solutions to "secure" SSH, most of which make no practical sense or have no technical basis.

There really needs to be a definitive best practices guide published by a trusted authority.

[kackerlacker]

In my view it is more important to stop using software keys so probably use sk (fido) for both host and user.. From there CAs would be a next step.. The level of documentation and example setups is astoundingly poor if you even look at step 2 for any feature. I.e. SK keys are reasonably understood for user keys but the setup as host keys is vague and needs testing to see if it really works.

[elric]

Can you give some examples of which suggestions you think are schizo?