xiaomai

I run a fleet of thousands of business devices running ssh. I used to have ssh configured to just ignore HostKey warnings but that always made me a little uneasy. Setting up an ssh CA and signing host keys was just a one-night project and it has made working with devices much more convenient and safe.

aberoham
Another really easy way to do this is to simply augment or replace your openssh daemon with Teleport. We just added a feature to master that handles CA rotation automatically for an entire fleet. Check it out on GitHub https://github.com/gravitational/teleport