Comment 5 for bug 834930

As a workaround for not having this, a subordinate charm can be used.

The basic gist would be:

* sub charm has config option for allowed SSH keys
* deploy/relate it to all nodes
* juju set my-ssh-keys authorized_keys=`cat /the/true/lsit`

The config-changed hook can then update all machines' ssh keys to the ones given in authorized_keys.

The only trouble here is you will have to manually update the key on node 0, *or* deploy a dummy service to it with "placement: local" which can then have the my-ssh-keys subordinate related to it.