@nixCraft@mastodon.social

Depends on the environment.

In AD-integrated environments, it's a mix of GSSAPI tokens and password-based authentication.

In IPA-integrated environments, it's been a mix of GSSAPI tokens, SSH authorized_keys and passwords.

In "cattle" environments, it's been SSH authorized_keys (injected at deployment-time via cloud-init or subordinate processes).

A significant percentage of my customers are both RHEL-using and not-exactly-proactive in how they migrate to newer EL majors or (especially) retiring older EL majors. As such, migrating to SSH certificates is pretty much a non-starter since not every RHEL version supports their use (nor do they want instantiate the additional infrastructure to support it).