You may need to deauthorize accounts with SSH access from time to time. If you have the public key of the user (go to Org user's SSO details page or get use the API to get the public key), here's an idea on how to go about auditing ssh keys. You might also be able to use this to monitor for key rotation.
Recall a SSH public key fingerprint can be generated using ssh-keygen -l -f SSH Public Key File.
Then you can do the following to search for a match:
For each user from above, run curl -s -k https://github.com/[user_name].keys | ssh-keygen -lf -.
Replace the placeholder user_name with the user name retrieved from the first step.
Sample Result:
$ curl -s -k https://github.com/XXXX.keys | ssh-keygen -lf -
2048 SHA256:wW8wJbQjc/LomMFGpIt57OlBwxueTrvzo6iM2hlOXnQ no comment (RSA)
256 SHA256:aGsFptx78cA5moOzJQCvoQroJ4X+dWHXNYm6CGSNXuY no comment (ED25519)
The above results shows that the user(XXXX) has two SSH public keys and the corresponding SSH key fingerprints are returned. You can compare the output SSH key fingerprint(above) with the one that you are trying to find the match for.