I looking for a way to get a signed openssh user certificate without using the subprocess library, equivalent to the following command:
ssh-keygen -s user_ca -I ID_USER -n user1,user2 -V+1d user-key.pub
Output:
ssh-rsa-cert-v01@openssh.com AAAAHHNza ... user@hostname
The sshkey-tools library solves my problem