The device stores or uses the username that is provided by the SSH client when public-key authentication is used. Therefore, the username is mentioned in the login and logout syslogs.
The devices save the username from the public-key authentication request. The username is used in the login and logout syslogs. When FIPS mode is operational, the device uses the username to match against the username attached to the SSH client public key stored on the device. If the two usernames do not match, the authentication request is denied.