- disable use of stored configs for ssh-known-hosts - manage the /etc/ssh/ssh_known_hosts content
- manage python script/venv to sign ssh host certificates - add approle_id to puppetmaster eyaml files - add class to sign ssh-rsa host keys - add facts to check if the current principals match the desired principals
