I can't wait for the v5.8 templates and MCIs. Our company had to implement our own user separation by parsing the authorized_keys file in roots .ssh directory. I would be very interested in talking with anyone on your team in regards to this feature. Perhaps we could help identify extra use cases or configuration details. I had previously requested this feature. In my mind, this is a huge value add for RightScale. We had to implement it ourselves as we prepared for a PCI audit and everyone using root to access the box (separate keys or not) was not going to pass the audit.