User public key generation

Before SSH can be used with PKI, someone must generate a public/private key pair. This is typically supported by the SSH client software. For example, PuTTY includes a utility called PuTTYGen that generates key pairs.

SR OS currently supports only RSA and ECDSA user public keys.

If the user's client is PuTTY, the user first generates a key pair using PuTTYGen. The user sets the key type to SSH-2 RSA and sets the number of bits to be used for the key. The user can also configure a passphrase that is used to store the key locally in encrypted form. If a passphrase is configured, the user must enter it to use the private key; the passphrase acts as a password for the private key. If a passphrase is not used, the key is stored in plain text locally.

Next, the public key must be configured for the user on SR OS using the config>system>security>user>public-keys command. On SR OS, the user can program the public key using Telnet/SSH or SNMP.
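
The following check is an added example, not part of the original SR OS documentation. It reads the headers of a PuTTYGen private key file (.ppk) and reports whether the key type is one SR OS accepts (RSA or ECDSA), the RSA modulus size, and whether the file is passphrase-protected or stored in plain text. The function names and the sample key (a dummy modulus with no real private key data) are constructed for illustration.

```python
import base64
import struct

def _read_string(blob, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_ppk(text):
    """Report key type, RSA size and at-rest encryption of a .ppk file."""
    lines = text.splitlines()
    header, algo = lines[0].split(": ", 1)
    if not header.startswith("PuTTY-User-Key-File-"):
        raise ValueError("not a PuTTY private key file")
    fields, pub_b64, i = {}, "", 1
    while i < len(lines):
        key, _, value = lines[i].partition(": ")
        i += 1
        if key == "Public-Lines":          # value = number of base64 lines
            pub_b64 = "".join(lines[i:i + int(value)])
            break
        fields[key] = value
    blob = base64.b64decode(pub_b64)
    name, off = _read_string(blob, 0)
    if name.decode() != algo:
        raise ValueError("header and public blob disagree on key type")
    bits = None
    if algo == "ssh-rsa":                  # blob layout: name, e, n
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    # The page states RSA and ECDSA only; per-curve support is not stated there.
    supported = algo == "ssh-rsa" or algo.startswith("ecdsa-sha2-")
    return {"algorithm": algo, "rsa_bits": bits, "supported_by_sr_os": supported,
            "passphrase_protected": fields.get("Encryption", "none") != "none"}

def make_sample_ppk(encryption):
    """Constructed sample: dummy 2048-bit modulus, no real private key data."""
    def s(b): return struct.pack(">I", len(b)) + b
    n = ((1 << 2047) | 1).to_bytes(257, "big")   # leading 0x00 keeps mpint positive
    blob = base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()
    pub = [blob[j:j + 64] for j in range(0, len(blob), 64)]
    return "\n".join(["PuTTY-User-Key-File-2: ssh-rsa", f"Encryption: {encryption}",
                      "Comment: constructed-sample", f"Public-Lines: {len(pub)}",
                      *pub, "Private-Lines: 1", "AAAA", "Private-MAC: 00"])

if __name__ == "__main__":
    for enc in ("none", "aes256-cbc"):
        print(enc, audit_ppk(make_sample_ppk(enc)))
```

A file reported with passphrase_protected set to False is the plain-text case described above and can be re-saved from PuTTYGen with a passphrase.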