Some SSH advanced features:
- SSH Emergency Access - design a break glass procedure for reaching SSH hosts in an emergency, using security keys that you can store offline
- How to SSH Properly - a few different ways to easily improve the security of the SSH model without needing to deploy a new application or make any huge changes to user experience - certificates, bastion hosts, 2-factor authentication
- SSH Handshake Explained
- gravitational / teleport - from How Uber, Facebook, and Netflix Do SSH
2021/09/20 - I have some SaltStack code I have yet to publish which implements a solution using the SaltStack event bus to send user and host ssh key/certificates to an ssh certificate authority for signing, and then returning and installing the signed certificates. I say this because today I read about HIBA Host Identity Based Authorization in an article at Google: Announcing HIBA: Host Identity Based Authorization for SSH .