In general, most companies use public key authentication for their SSH deployments. Public key authentication uses asymmetric cryptography via a public/private key generated for each user and each host to authenticate. The general workflow of SSH key authentication is as follows: an SSH key pair is generated by a computer, you submit the public key to a server or admin for key approval and distribution, an admin then approves and deploys the public key to the server, and finally the user can now SSH into the server. While this is mostly secure and effective, public key authentication has its drawbacks - keys never expire, and the key approval and distribution process is long and unnecessary. Asking users to upload private key material to Cased Shell is fraught with perceived and real risk. We are following the best practices of the biggest tech companies in the world by offering SSH certificate authentication to provide users a better experience.