Description of problem: In our documentation, there is no information about the rotation of ssh key. As a best practice, the ssh key should rotate. In our official documentation[1] we mention fernet key and password rotation but nothing about ssh key rotation. On RHOSP16.2 we have: - heat-admin ssh key on undercloud that is present on all overcloud nodes as authorized_keys under /home/heat-admin/.ssh/authorized_keys - heat-admin ssh key on undercloud that is present on all overcloud nodes as authorized_keys under /root/.ssh/authorized_keys - Generated by TripleO ssh key that is present on all overcloud node as authorized_keys under /home/tripleo-admin/.ssh/authorized_keys - tripleo-admin ssh key that seems not present on overcloud nodes. From upstream doc[2] it seems we should care only about the heat-admin key on heat-admin overcloud user. We should review it and write in our official documentation. Additional info: [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html-single/security_and_hardening_guide/index [2] https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/post_deployment/update_undercloud_ssh_keys.html