The SSH server supports a public key authentication provided that the server has been previously configured to know the client's public key.
Using public key authentication, also known as Public Key Infrastructure (PKI), can be more secure than the existing username and password method because of the following:
A user typically reuses the same password with multiple servers. If the password is compromised, the user must reconfigure the password on all affected servers.
A password is not transmitted between the client and server using PKI. Instead the sensitive information (the private key) is kept on the client. Consequently, the password is less likely to be compromised.
The 7210 SAS supports server-side SSHv2 public key authentication, but does not include a key-generation utility.
PKI should be configured in the system-level configuration where one or more public keys may be bound to a username. This configuration does not affect any other system security or login functions.
PKI has preference over password or keyboard authentication. PKI is supported using only local authentication. PKI authentication is not supported on TACACS+ or RADIUS.