It’s true that the `tls` provider is primarily for dealing with TLS-related concerns, although it does already have one small adaptation to allow using it with OpenSSH’s cryptography: the `tls_private_key` resource type has a `public_key_openssh`. That represents the same data as `public_key_pem`, but it’s formatted in the shape OpenSSH expects to see in

I’m not super familiar with OpenSSH’s certificate-based authentication, but if it has a similar characteristic of just being a non-standard serialization of the same underlying data structures that TLS uses, then in principle resources like `tls_self_signed_cert` could also produce the OpenSSH syntax alongside the PEM syntax.

I’m not certain of how much work that would take or what exactly it would look like, but if it sounds promising and you have the time/motivation to help with some design and/or implementation work for it then we could get that discussion started in a feature request issue in the `hashicorp/tls` provider repository.
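How a PEM public key and its OpenSSH form can carry the same key bytes, shown for an Ed25519 key: this is an added example, not part of the post above and not the provider's own code. The function names and the embedded sample key are illustrative assumptions, and only Ed25519 is handled.

```python
import base64
import struct

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410); the 32 raw key bytes follow it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

# Sample public key embedded for illustration only (assumption, not from the post).
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PUBLIC KEY-----
"""

def raw_key_from_pem(pem: str) -> bytes:
    """Strip the PEM armor and the SPKI header, returning the 32 raw key bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN PUBLIC KEY-----" or lines[-1] != "-----END PUBLIC KEY-----":
        raise ValueError("not a PEM SubjectPublicKeyInfo block")
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("only Ed25519 keys are handled in this example")
    return der[len(ED25519_SPKI_PREFIX):]

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def openssh_from_pem(pem: str, comment: str = "") -> str:
    """Re-serialize the same key as an OpenSSH public key line."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key_from_pem(pem))
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line

def raw_key_from_openssh(line: str) -> bytes:
    """Parse an OpenSSH public key line back to the raw key bytes."""
    algo, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if algo != "ssh-ed25519" or len(fields) != 2 or fields[0] != b"ssh-ed25519" or len(fields[1]) != 32:
        raise ValueError("not an ssh-ed25519 public key line")
    return fields[1]

if __name__ == "__main__":
    line = openssh_from_pem(SAMPLE_PEM, "example@host")
    print(line)
    print("same key bytes:", raw_key_from_openssh(line) == raw_key_from_pem(SAMPLE_PEM))
```
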