A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.
People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.
One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.
Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:
