I decided that I wanted to automate my rotation, so I built a shell script to do it, then wrote about it.
If you Google "ssh key rotation" you will find my article as a "featured snippet."
I don't think that I need a CA, as I only have personal and admin keys (two sets) and I'm flipping these once a quarter. Plus, I don't have expired entries in my authorized_keys (do CA users ever clean out authorized_keys?), and these are very clean as I see them regularly.
If you Google "ssh key rotation" you will find my article as a "featured snippet."
I don't think that I need a CA, as I only have personal and admin keys (two sets) and I'm flipping these once a quarter. Plus, I don't have expired entries in my authorized_keys (do CA users ever clean out authorized_keys?), and these are very clean as I see them regularly.
https://www.linuxjournal.com/content/ssh-key-rotation-posix-...