MV
A weakness of SSH is SSH private key never expire. We can use AuthorizedKeysCommand We can also alter ~/.authorized_keys content based on some key store. In AMI we need to configure AuthorizedKeysCommand which will run every time before public key is compared in ~/.authorized_keys and recreate ~/.authorized_keys based on user uploaded keys or admin deleted keys. this github project have implementation https://github.com/widdix/aws-ec2-ssh