OpenSSH has the TrustedUserCAKeys option, which enables one to allow access to all users that have a signed public key by the specified CA (certificate authority). So there's no need to configure each users ssh keys on the routes.
Is there an analogous option in RouterOS?