You can import SSH client public keys to establish an authenticated login to the device from an external ssh client.. You can also delete the key from the device to prevent it from being used for an authenticated login.
device# certutil import sshkey user admin host 10.70.4.106 directory /users/home40/bmeenaks/.ssh file id_rsa.pub login fvt
fvt login
credentials for logging into the external server for the scp. device# certutil sshkey user admin pubkey “ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnim+Ofjx/id3z2jDxXu9DcMuQqVq/NKi2Lms+q7dA5Dqww8jlrOGawG8tMySOvnB1ZEvJt1kqNneRi4l6Ot4/7hfd99rIOPGBP/NJs6xTLUrQhDgxB78ddTg+6euBtkYLTAaTC7kbXGXcO8VVB9+4xrH+0bkvjU9RRvGJguUfdiFKEfIGVOyt0atdHi1dmgQ9BE0cO65nc/i9MjMJedBe174/QT4TxeGeEgaQ57c2AL5It2V4CzrZBDtnixdnHUO5w2vmBR61LZIDVT1fuX/xYxDAm9H8SDpDX8pZlfFpQBy/wrkIYPZ/p4OLrUApB/XAJGujrlNlZLEu9U9MPVM/ root@ldap.hc-fusion.in”
When the public key is imported (using certutil import sshkey) or copied (using certutil sshkey) for a user, password based authentication will become a fallback option for that particular user; This user will be allowed login using public key. If a user tries to login from any other machine for which public key is not present on the device then the user will be prompted for a password. Once the public key is removed for the user, only password based authentication will be enabled for that particular user.
Note
Whenever the public key is imported or removed, the SSH server is automatically rebooted and all active SSH connections are terminated.device# no certutil sshkey user admin
Note
Whenever the public key is imported or removed, the SSH server is automatically rebooted and all active SSH connections are terminated.