Description
Please describe what you would like to see in ContainerSSH
SSH certs can be signed by a 2nd key, acting as a Certificate Authority. While doing so, user-based, short-lived SSH certificates can be created by tools such as mysocket.io, Cloudflare and Smallstep.
I'd like ContainerSSH to validate the key and key signature of the CA and pass these properties on to the authN webhook for external authorization.
Please describe the solution you'd like
CSSH should validate the signer (CA) signature. If valid, all the cert details should be parsed and sent to the authN backend for further processing/validation (e.g.: do we trust this CA?).
Please describe your use case
The mentioned tools provide a very user-friendly abstraction of user validation/SSO. Additionally, they provide some network tunneling to expose CSSH to untrusted networks in a safe way.
If CSSH can reliably build upon the preprocessing done by the cert provider, it would make for a great addition to the CSSH capabilities as a jump host.
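
An added illustration of the check requested above, not part of the original issue and not ContainerSSH code, written against Node.js's built-in `crypto` module: it walks the `ssh-ed25519-cert-v01@openssh.com` wire format, verifies the signature made by the CA key embedded in the certificate, and returns the fields a webhook could be sent. The function names, the returned field names and the sample certificate are assumptions made for this example; it accepts only Ed25519 user certificates without critical options.

```javascript
const crypto = require('crypto');
// ssh-ed25519-cert-v01 fields in wire order: s = length-prefixed string, 4/8 = fixed-width integer.
const LAYOUT = 'sss84ss88sssss';
const CERT_TYPE = 'ssh-ed25519-cert-v01@openssh.com';
const SPKI = Buffer.from('302a300506032b6570032100', 'hex'); // DER header for a raw Ed25519 key

function unpack(layout, buf) {
  let off = 0;
  return [...layout].map((k) => {
    let n = Number(k);
    if (k === 's') { n = buf.readUInt32BE(off); off += 4; } // throws on a short buffer
    if (off + n > buf.length) throw new RangeError('truncated certificate');
    return buf.subarray(off, (off += n));
  });
}

// Encodes each value as an SSH wire string: uint32 length, then the bytes.
const str = (...vals) => Buffer.concat(vals.flatMap((v) => {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(Buffer.byteLength(v));
  return [len, Buffer.from(v)];
}));

// Checks the signature of the CA key embedded in the certificate; trusting that CA is the caller's call.
function verifyCert(cert) {
  const f = unpack(LAYOUT, cert);
  const [caAlg, caKey] = unpack('ss', f[12]);
  const signed = cert.subarray(0, cert.length - f[13].length - 4); // everything before the signature
  const der = { key: Buffer.concat([SPKI, caKey]), format: 'der', type: 'spki' };
  if (`${f[0]}` !== CERT_TYPE || f[4].readUInt32BE() !== 1 || f[9].length > 0 || `${caAlg}` !== 'ssh-ed25519'
    || caKey.length !== 32 || !crypto.verify(null, signed, crypto.createPublicKey(der), unpack('ss', f[13])[1])) {
    throw new Error('rejected: unsupported certificate or CA signature does not verify');
  }
  const principals = [];
  for (let p = f[6]; p.length; p = p.subarray(4 + p.readUInt32BE())) principals.push(`${unpack('s', p)[0]}`);
  const fp = crypto.createHash('sha256').update(f[12]).digest('base64').replace(/=+$/, '');
  const [validAfter, validBefore] = [f[7], f[8]].map((b) => Number(b.readBigUInt64BE()));
  return { keyId: `${f[5]}`, principals, validAfter, validBefore, caFingerprint: `SHA256:${fp}` };
}

// Constructed sample: user certificate for "alice"; one throwaway key is both CA and subject.
function sampleCert(validAfter, validBefore) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const raw = publicKey.export({ format: 'der', type: 'spki' }).subarray(12);
  const u64 = (v) => { const b = Buffer.alloc(8); b.writeBigUInt64BE(BigInt(v)); return b; };
  const tbs = Buffer.concat([str(CERT_TYPE, 'nonce', raw), u64(1), Buffer.from([0, 0, 0, 1]),
    str('alice@example', str('alice')), u64(validAfter), u64(validBefore),
    str('', '', '', str('ssh-ed25519', raw))]);
  return Buffer.concat([tbs, str(str('ssh-ed25519', crypto.sign(null, tbs, privateKey)))]);
}
```

A signature that verifies only proves the embedded CA key signed the certificate; the webhook still has to compare `caFingerprint` with the CAs it trusts and check the principals and validity window.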