SSH does support certificate based auth, and it’s a great upgrade to grant yourself if you are responsible for a multi human single user system. It grants revocation, short lifetime, and identity metadata for auditing, all with vanilla tooling that doesn’t impose things on the target system.

> multi human single user system

A rather niche use-case to promote certificate auth... I'd add the killer-app feature is not having to manage authorized_keys.