@nixCraft@mastodon.social
Depends on the environment.
In AD-integrated environments, it's a mix of GSSAPI tokens and password-based authentication.
In IPA-integrated environments, it's been a mix of GSSAPI tokens, SSH authorized_keys and passwords.
In "cattle" environments, it's been SSH authorized_keys (injected at deployment-time via cloud-init or subordinate processes).
A significant percentage of my customers are both RHEL-using and not-exactly-proactive in how they migrate to newer EL majors or (especially) retiring older EL majors. As such, migrating to SSH certificates is pretty much a non-starter since not every RHEL version supports their use (nor do they want instantiate the additional infrastructure to support it).