When establishing the SSH connection, the client first asks the device which authentication methods are permitted for this connection. If the public key method is allowed, the client searches for private keys that have been installed and transfers these with the user name to the device.
When the device finds an entry in the list that includes the user name that corresponds to its public SSH key, the SSH connection is permitted. If the client does not have a suitable private key installed or if the device does not have a corresponding entry with the user name or public key, the SSH client requests authentication by user name/password—as long as this authentication method is permitted—or it aborts the authentication process.