by midasuni 907 days ago
Can’t do that in some cases. TACACS, for example, doesn’t allow for private keys.
2 comments

I’ve worked at more than one place where you SSH into a Linux host (often just for that datacenter) using certificate-based authentication, only to be printed a JIT (just in time) password for TACACS-based usage in that datacenter, and which is only valid for a few minutes.

Workarounds are many for network devices it seems!

Don't use that then. Tell that vendor their security posture is bad.
It's Cisco. They already know that.