
Does Paramiko support certificate based authentication


Does Paramiko support certificate-based authentication? The description of the key_filename parameter of the connect method mentions that it supports both private keys and certs. Does "certs" here mean certificate-based authentication?

key_filename (str) – the filename, or list of filenames, of optional private key(s) and/or certs to try for authentication

connect(hostname, port=22, username=None, password=None, pkey=None, 
    key_filename=None, timeout=None, allow_agent=True, 
    look_for_keys=True, compress=False, sock=None, gss_auth=False, 
    gss_kex=False, gss_deleg_creds=True, gss_host=None, 
    banner_timeout=None, auth_timeout=None, gss_trust_dns=True, 
    passphrase=None, disabled_algorithms=None)

Solution

  • Paramiko supports proprietary OpenSSH public key algorithms supporting certificates.

    The documentation of the SSHClient.connect method is more clear about it (than the documentation of the key_filename parameter itself):

    key_filename may contain OpenSSH public certificate paths as well as regular private-key paths;
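A pre-flight check to run before handing a `-cert.pub` path to `key_filename`, given as an added example that is not part of the original answer and not Paramiko's own code. It decodes the leading certificate fields as laid out in OpenSSH's PROTOCOL.certkeys and goes slightly beyond the page by covering both the ed25519 and RSA certificate types. The function names and sample values are hypothetical, and `client` is assumed to be a `paramiko.SSHClient` the caller has already set up with host keys.

```python
import base64, struct, time

ED25519 = "ssh-ed25519-cert-v01@openssh.com"
KEY_FIELDS = {ED25519: 1, "ssh-rsa-cert-v01@openssh.com": 2}  # key fields after the nonce

def _read(buf, off):
    """Decode one SSH 'string' (uint32 length + bytes); struct.error if truncated."""
    (n,) = struct.unpack_from(">I", buf, off)
    return struct.unpack_from(f"{n}s", buf, off + 4)[0], off + 4 + n

def parse_cert(line):
    """Decode the leading fields of a '<type> <base64> [comment]' -cert.pub line."""
    algo, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    name, off = _read(blob, 0)
    if name.decode() != algo or algo not in KEY_FIELDS:
        raise ValueError("unsupported certificate type: " + algo)
    for _ in range(1 + KEY_FIELDS[algo]):  # skip nonce and public key
        _, off = _read(blob, off)
    (ctype,) = struct.unpack_from(">I", blob, off + 8)  # follows the uint64 serial
    key_id, off = _read(blob, off + 12)
    plist, off = _read(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off)
    names, p = [], 0
    while p < len(plist):
        item, p = _read(plist, p)
        names.append(item.decode())
    return {"user": ctype == 1, "key_id": key_id.decode(), "principals": names,
            "after": after, "before": before}

def cert_problem(cert, now=None):
    """Return why a login with this cert would fail, or None if it looks usable."""
    now = time.time() if now is None else now
    if not cert["user"]:
        return "host certificate, not a user certificate"
    return None if cert["after"] <= now < cert["before"] else "outside validity window"

def connect_with_cert(client, host, user, cert_path):
    """Check the -cert.pub file, then pass its path to SSHClient.connect as key_filename."""
    with open(cert_path) as fh:
        problem = cert_problem(parse_cert(fh.read()))
    if problem:
        raise RuntimeError(problem)
    client.connect(host, username=user, key_filename=cert_path, look_for_keys=False)

def sample_cert(after, before):  # constructed sample: dummy nonce/key, later fields omitted
    s = lambda b: struct.pack(">I", len(b)) + b
    body = (s(ED25519.encode()) + s(b"\0" * 32) + s(b"\1" * 32) + struct.pack(">QI", 7, 1)
            + s(b"alice@laptop") + s(s(b"alice") + s(b"ops")) + struct.pack(">QQ", after, before))
    return ED25519 + " " + base64.b64encode(body).decode() + " constructed"
```

Paramiko expects the matching private key next to the certificate, at the same path without the `-cert.pub` suffix.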