SSH Public Key Authentication on Cisco IOS

So I’ve been experimenting with FreeRadius and have a radius working with a “Cleartext-Password” (still researching what other versions I can use) however if I create a public key for myself on the router, it will begin logging me in, show me the motd, then disconnect me. I’d like my ssh public key in free radius and not on the router (to begin with) and of course would like the login to complete.

Still trying to debug why it boots me after doing the pubkey handshake.

! note that my radius server is on the VRF-lite “relay_admin” network

aaa group server radius RADIUS_SERVERS
 server name RADIUS1_IPv4
 ip vrf forwarding relay_admin
 ip radius source-interface Loopback102
 load-balance method least-outstanding ignore-preferred-server
!
aaa authentication login default group RADIUS_SERVERS local
aaa authorization exec default group RADIUS_SERVERS if-authenticated 
aaa accounting exec default start-stop group RADIUS_SERVERS
!
radius server RADIUS1_IPv4
 address ipv4 172.16.1.10 auth-port 1812 acct-port 1813
 key SECRET_KEY
!
ip ssh pubkey-chain
  username my-test-acct
   key-hash ssh-rsa E40E01E464A9C15EEE76DDB7A10C5B8E my-test-key

Radius server has radcheck table entry:

null,"my-test-acct","Cleartest-Password",":=","my-test-password"

Radius server has radreply table entries:

  null,'my-test-acct','Service-Type','+=','NAS-Prompt-User'
  null,'my-test-acct','cisco-avpair','+=','shell:priv-lvl=15'

Don’t know where to put the ssh key or if there is a table entry for it in the radcheck?

Marcos