LDAP and AD are the ways I have seen SSH key management done. [1] LDAP clients should be configured to cache creds in SSSD.
Servers and workstations (clients of the LDAP server) should be configured to only use authorized keys from LDAP and not locally, as they can contain multiple public keys, which quickly gets harder to audit and harder to catch someone slipping a public key into the local authorized_keys.
[1] - https://serverfault.com/questions/653792/ssh-key-authenticat...
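
One way to audit the setup described in the comment above, as an added example that is not part of the original comment: it checks that sshd ignores local key files and takes keys from a command, then lists any non-empty local authorized_keys files left behind. The config files, home tree and key are constructed; the helper path /usr/bin/sss_ssh_authorizedkeys is an assumption about where SSSD is installed, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit that sshd takes public keys only from the directory.
# All inputs below are constructed; the SSSD helper path is an assumption.

# Print the first value of an sshd_config keyword (sshd uses the first value
# it reads; keywords are case-insensitive). Match blocks are not evaluated.
sshd_value() {  # $1=config file, $2=keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Return 0 when local key files are disabled and a key command is configured.
check_sshd_config() {  # $1=config file
    rc=0
    keys_file=$(sshd_value "$1" AuthorizedKeysFile)
    keys_cmd=$(sshd_value "$1" AuthorizedKeysCommand)
    if [ "$keys_file" != "none" ]; then
        # Unset means the default per-user authorized_keys files are still read.
        echo "FAIL: AuthorizedKeysFile is '${keys_file:-<default>}', expected 'none'"
        rc=1
    fi
    if [ -z "$keys_cmd" ] || [ "$keys_cmd" = "none" ]; then
        echo "FAIL: AuthorizedKeysCommand is not set"
        rc=1
    fi
    return $rc
}

# List non-empty local authorized_keys files under a home root.
find_local_keys() {  # $1=home root
    find "$1" -type f \( -name authorized_keys -o -name authorized_keys2 \) -size +0 2>/dev/null
}

# Constructed sample data: two configs and a small home tree.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/.ssh" "$demo/home/bob/.ssh"
printf 'ssh-ed25519 AAAAC3constructedkey bob@laptop\n' > "$demo/home/bob/.ssh/authorized_keys"
: > "$demo/home/alice/.ssh/authorized_keys"
cat > "$demo/good.conf" <<'EOF'
AuthorizedKeysFile none
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody
EOF
cat > "$demo/weak.conf" <<'EOF'
#AuthorizedKeysFile none
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
EOF
check_sshd_config "$demo/good.conf" && echo "good.conf: OK"
check_sshd_config "$demo/weak.conf" || echo "weak.conf: local key files still accepted"
find_local_keys "$demo/home"
```

On a live host, `sshd -T` prints the effective configuration, including values from included files, and is the better input for the same two checks.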