The SSH server supports public key authentication if the server has been previously configured to know the client’s public key.
Using public key authentication (also known as PKI) can be more secure than the existing username and password method for the following reasons.
A user will typically reuse the same password with multiple servers. If the password is compromised, the user must reconfigure the password on all affected servers.
A password is not transmitted between the client and server using PKI. Instead, the sensitive information (the private key) is kept on the client. Therefore, the password is less likely to be compromised.
The 7705 SAR supports server-side SSHv2 public key authentication but does not include a key-generation utility.
Support for PKI should be configured at the system level where one or more public keys may be bound to a username. This configuration will not affect any other system security or login functions.
PKI has preference over password authentication. PKI is supported using local authentication. PKI authentication is not supported on TACACS+ or RADIUS.