There are many ways to SSH. Some have more security “risks” than others. Yet, we SSH everyday…but could you improve the security of your SSH infrastructure? Maybe. Let’s find out.

Most people can agree that using public key authentication for SSH is generally better than using passwords. Nobody ever types in a private key, so it can’t be keylogged or observed over your shoulder. SSH keys have their own issues, however, some of which we’ve covered in a previous post about SSH key management.

The next level up from SSH keys is SSH certificates. … With SSH certificates, you generate a certificate authority (CA) and then use this to issue and cryptographically sign certificates which can authenticate users to hosts, or hosts to users….