Implementation

The client public key file format allows a username to be provided in the "Subject" field of the SSH2 public key. Additional private headers can be used. The privilege level can take three values: 0 READ-WRITE/ADMINISTRATOR, 4 PORT-CONFIG, and 5 READ-ONLY. The following public key example shows the two headers that are used by the device. No continuation lines are allowed in the file for these headers.

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20121206"
Subject: brcd
x-extreme-privilege-level: 0
AAAAB3NzaC1yc2EAAAABJQAAAQEAkwiApY1x4T/DHII5JzR2OgqcF5vjlubNcvSE
UjkGmiRBDSOicjxS0ZLm1b2xFpVzw8XxSSy8cxvntfs5ortOt80QzynqgL+H2zJa
Lb4Qbu6/1vakJbPb/VUJE66Zezh0c8mze6zTbiP4iQ/Wn2lxpSmlS5cdowmFlZ7B
97xcagJIBl+7JKuvj8P+85ESUf2/pcrogqx7gdr1IpP2nev5s4xwCWFGtr2R/yMF
Q9h0xLcc4A7vLTDuY/h1GzLdICgtNYdqpUhpw+w0DkTKbQuDPd0gkwHkoFwg85lE
4VCDevdC/DeOCNJjNp9NbVD+SW6uL4NymmV7/i0YbPyl3gTESQ==
---- END SSH2 PUBLIC KEY ----

After the base64-encoded public key is decoded to binary format, a SHA256 hash of the binary key is created and saved to memory. The hash is verified to be unique among the hashes of the client public keys that have already been parsed. Non-empty usernames are likewise verified to be unique among the usernames already parsed from the public key file. Access is denied if the usernames are mismatched.
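The parsing and uniqueness checks described above can be sketched as follows. This is an added example, not the device's own code: the function names, the use of ValueError and the handling of a missing privilege header as None are assumptions, and the sample blocks are built from constructed bytes rather than real keys.

```python
import base64
import hashlib

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
LEVELS = {0: "READ-WRITE/ADMINISTRATOR", 4: "PORT-CONFIG", 5: "READ-ONLY"}
NO_CONTINUATION = {"subject", "x-extreme-privilege-level"}

def parse_key_file(text):
    """Return [(username, level, sha256_hex)] or raise ValueError on a bad file."""
    entries, hashes, users = [], set(), set()
    headers, body, inside, cont = {}, [], False, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == BEGIN:
            headers, body, inside, cont = {}, [], True, False
        elif inside and line == END:
            inside = False
            blob = base64.b64decode("".join(body), validate=True)
            digest = hashlib.sha256(blob).hexdigest()  # hash of the binary key
            user = headers.get("subject", "")
            level = headers.get("x-extreme-privilege-level")
            # Assumption: a missing privilege header is reported as None.
            level = None if level is None else int(level)
            if level is not None and level not in LEVELS:
                raise ValueError(f"invalid privilege level {level}")
            if digest in hashes:
                raise ValueError("duplicate public key")
            if user and user in users:  # only non-empty usernames are compared
                raise ValueError(f"duplicate username {user!r}")
            hashes.add(digest)
            users.add(user)
            entries.append((user, level, digest))
        elif inside and cont:  # continuation of a header that may be folded
            cont = line.endswith("\\")
        elif inside and ":" in line and not body:
            tag, value = line.split(":", 1)
            tag, cont = tag.strip().lower(), line.endswith("\\")
            if cont and tag in NO_CONTINUATION:
                raise ValueError(f"continuation line not allowed for {tag}")
            headers[tag] = value.strip().strip('"')
        elif inside and line:
            body.append(line)
    return entries

def make_block(user, level, blob):
    """Build a constructed test block; blob is arbitrary bytes, not a real key."""
    b64 = base64.b64encode(blob).decode()
    head = [f"Subject: {user}", f"x-extreme-privilege-level: {level}"]
    return "\n".join([BEGIN, *head, b64, END])
```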

The username has the following restrictions: