sshark.org - SSHARK!

The goal of SSHARK is to allow the expiration and revocation of SSH client keys by putting information in DNS TXT records... without creating any additional public key infrastructure, without having to run a special version of the SSH server, and without having to actively manage authorized_keys files.

How is this possible? With SSHARK, information about SSH key validity is stored in DNS. The information is signed by the SSH key itself rather than with a separate certifying key. The validity check is performed on the server side by using the command="..." facility available in the authorized_keys file as supported by the OpenSSH and Dropbear SSH servers.
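A sketch of the server-side gate such a scheme needs, written here as an added example and not SSHARK's own code: the forced command fetches the key's TXT record, checks that the same client key signed it (here with OpenSSH's sshsig via ssh-keygen -Y verify, standing in for whatever signature format SSHARK uses), enforces the expiry and revocation flags, and only then hands over to the user's session. The record names and "v=1;exp=...;revoked=1" format, the signature-in-a-second-TXT encoding, the /etc/sshark key directory and the zone name are all assumptions.

```shell
#!/bin/sh
# Hypothetical SSHARK-style gate, used as the forced command in authorized_keys:
#   command="/usr/local/bin/sshark-gate alice-laptop /etc/sshark/alice-laptop.pub" ssh-ed25519 AAAA... alice
# Assumed layout (not from the SSHARK page): <keyid>._sshark.<zone> holds
# "v=1;exp=<unix-time>[;revoked=1]" and <keyid>._sshark-sig.<zone> holds the
# base64 of an sshsig made by the same client key over that exact record text.
set -eu

deny() { echo "sshark-gate: $1" >&2; exit 1; }   # fail closed on any doubt

# check_record RECORD NOW -> prints "valid", "expired" or "revoked".
# A missing or malformed exp= counts as expired, never as valid.
check_record() {
  rec=$1; now=$2
  case ";$rec;" in *";revoked=1;"*) echo revoked; return;; esac
  exp=$(printf '%s' "$rec" | tr ';' '\n' | sed -n 's/^exp=//p')
  case $exp in ''|*[!0-9]*) echo expired; return;; esac
  if [ "$now" -ge "$exp" ]; then echo expired; else echo valid; fi
}

main() {
  keyid=$1; pubfile=$2; zone=${SSHARK_ZONE:-sshark.example.org}  # hypothetical zone
  # Lookup failures leave the variables empty and are treated as a denial.
  rec=$(dig +short TXT "$keyid._sshark.$zone" 2>/dev/null | tr -d '" ' | head -n1) || rec=""
  sig=$(dig +short TXT "$keyid._sshark-sig.$zone" 2>/dev/null | tr -d '" ' | head -n1) || sig=""
  [ -n "$rec" ] && [ -n "$sig" ] || deny "no SSHARK record for $keyid"

  # Build an allowed_signers file from the very public key sshd just accepted,
  # so the DNS data is trusted only if that key signed it (no separate CA).
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  printf '%s namespaces="sshark" %s\n' "$keyid" "$(cut -d' ' -f1,2 "$pubfile")" > "$tmp/allowed"
  printf '%s' "$sig" | base64 -d > "$tmp/sig"
  printf '%s' "$rec" | ssh-keygen -Y verify -f "$tmp/allowed" -I "$keyid" -n sshark \
      -s "$tmp/sig" >/dev/null 2>&1 || deny "record is not signed by this key"

  [ "$(check_record "$rec" "$(date +%s)")" = valid ] || deny "key expired or revoked"

  # Only now hand over to the user's real session (exec skips the EXIT trap).
  rm -rf "$tmp"
  if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
  fi
  exec "${SHELL:-/bin/sh}" -l
}

# Run only when invoked with the two arguments the authorized_keys line supplies.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

Because the gate denies whenever the record is missing, unsigned or stale, a DNS outage locks the key out rather than letting it in; that is the trade-off the "don't lock yourself out" warning is about.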

SSHARK is meant to be simple to use. Here's a brief how-to. Be careful not to lock yourself out of your house. :-)