
We've switched to them based on Hashicorp Vault and I think they are an improvement in security and convenience.

Before SSH host certificates, using tooling like ansible was seriously annoying, especially to the monthly ansible users, compared to the daily ansible users. If you tried using ansible once a month without our host key certificates, you'd have ansible barf about a dozen unknown host keys due to them being rebuilt and other things. Then you fix that, then they do that one ansible run, then it lies around for a month and back you go to square one.

I'm not sure HOW you'd stage an actual attack there, but people got used to just accepting SSH host keys whatsoever, so the vulnerability was there.

Now we have host key signing based on Vault. This is a huge improvement in my book. Base infra guys know when they've reset a VM to a base image (which resets SSH host keys), so they know when to expect a TOFU request from their SSH upon first connect to the just rebuilt system, so they accept those. Afterwards, one of the first things the config management does is to sign those host keys and then the accepted host keys are usually deleted again.

There probably is a window of vulnerability in there, but that's getting pretty hard to attack and I'm sure there are easier ones in the overall infrastructure.

The main problem with this, however, is that you need some safe and secure place for the CA, and ideally automation to sign those host keys. And it needs to be enough of a problem to do all of that.
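The flow the comment describes, as an added example that is not part of the original post: a host CA, a freshly generated host key signed as a host certificate with the hostname as its principal, and a single `@cert-authority` line in `known_hosts` that replaces the per-host TOFU entries. In the real setup Vault's SSH secrets engine holds the CA and does the signing; here `ssh-keygen -s` stands in for it so everything runs offline. The hostnames, the `*.example.internal` pattern and the temporary directory are constructed for the example. The last function shows the failure mode the comment is guarding against: a certificate chaining to some other CA (say, a decommissioned one) does not pass the check.

```shell
#!/bin/sh
# Added example, not the commenter's tooling. ssh-keygen plays the role of Vault's
# SSH CA; all paths and hostnames are constructed for the demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# 1. Create the host CA. In the Vault setup this private key never leaves Vault.
make_ca() {
    rm -f "$WORK/host_ca" "$WORK/host_ca.pub"
    ssh-keygen -q -t ed25519 -N '' -C 'host-ca' -f "$WORK/host_ca" >/dev/null
}

# 2. Client side: one @cert-authority line covers every host matching the pattern,
#    so a rebuilt VM with a new host key produces no "unknown host key" prompt.
write_known_hosts() {
    printf '@cert-authority *.example.internal %s\n' "$(cat "$WORK/host_ca.pub")" \
        > "$WORK/known_hosts"
}

known_hosts_trusts_ca() {
    grep -q '^@cert-authority \*\.example\.internal ssh-ed25519 ' "$WORK/known_hosts"
}

# 3. Generate a fresh host key (what a rebuild from base image does) and sign it.
#    -h makes it a host certificate, -n sets the principals (hostnames) it is valid for,
#    -V limits its lifetime so a forgotten host ages out instead of staying trusted.
sign_host_key() {
    host="$1"
    rm -f "$WORK/${host}_key" "$WORK/${host}_key.pub" "$WORK/${host}_key-cert.pub"
    ssh-keygen -q -t ed25519 -N '' -f "$WORK/${host}_key" >/dev/null
    ssh-keygen -q -s "$WORK/host_ca" -I "$host" -h -n "$host" -V -1h:+52w \
        "$WORK/${host}_key.pub"
}

# Failure mode: same host, but signed by an unrelated CA. Must not be accepted.
sign_with_other_ca() {
    host="$1"
    rm -f "$WORK/other_ca" "$WORK/other_ca.pub"
    ssh-keygen -q -t ed25519 -N '' -C 'other-ca' -f "$WORK/other_ca" >/dev/null
    rm -f "$WORK/${host}_key" "$WORK/${host}_key.pub" "$WORK/${host}_key-cert.pub"
    ssh-keygen -q -t ed25519 -N '' -f "$WORK/${host}_key" >/dev/null
    ssh-keygen -q -s "$WORK/other_ca" -I "$host" -h -n "$host" "$WORK/${host}_key.pub"
}

# Check what an SSH client checks: host certificate, signed by our CA,
# and the hostname we are connecting to is among its principals.
cert_covers_host() {
    host="$1"
    info="$(ssh-keygen -L -f "$WORK/${host}_key-cert.pub")"
    ca_fp="$(ssh-keygen -lf "$WORK/host_ca.pub" | awk '{print $2}')"
    echo "$info" | grep -q 'host certificate' &&
    echo "$info" | grep -qF "$ca_fp" &&
    echo "$info" | sed -n '/Principals:/,/Critical Options:/p' | grep -q "^[[:space:]]*${host}\$"
}

demo() {
    make_ca
    write_known_hosts
    sign_host_key web01.example.internal
    if cert_covers_host web01.example.internal; then
        echo "web01: certificate is from our CA and names the host; no TOFU prompt needed"
    fi
    sign_with_other_ca db01.example.internal
    if ! cert_covers_host db01.example.internal; then
        echo "db01: certificate from a foreign CA is rejected"
    fi
}

demo
```

On the server, `sshd_config` points at the signed file with `HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub`; the window the comment mentions is the time between the rebuild and the config-management run that installs that certificate, which is why the base-infra people expect exactly one TOFU prompt per rebuild and none afterwards.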


