No syslog message for SSH login with public key authentication

Tuesday
Model: TL-SX3008F  
Hardware Version: V1
Firmware Version: 1.20.14

Using SX3008F with the beta 1.20.14 firmware (because I had lockup issues with the latest release firmware). SSH is enabled in the default configuration (no SSH-related statements in “show running-config”), and the SSH public key (RSA 4096) was uploaded using the web interface.

 

#show ip ssh

 Global Config:
  SSH Server:         Enabled
  Protocol V1:        Disabled
  Protocol V2:        Enabled
  Session Timeout:    360
  MAX Clients:        5
  Port:               22
  Key Type DSA:       Disabled
  Kex Compatibility : Disabled

 Encryption Algorithm:
  AES128-CBC:         Disabled
  AES192-CBC:         Disabled
  AES256-CBC:         Disabled
  Blowfish-CBC:       Disabled
  Cast128-CBC:        Disabled
  3DES-CBC:           Disabled
  AES128-CTR:         Enabled
  AES192-CTR:         Enabled
  AES256-CTR:         Enabled

 Data Integrity Algorithm:
  HMAC-SHA1:          Disabled
  HMAC-MD5:           Disabled
  HMAC-SHA1-160:      Disabled
  HMAC-SHA2-256:      Enabled
  HMAC-SHA2-512:      Enabled
  HMAC-RIPEMD160:     Enabled

 Key Type:           SSH-2 RSA/DSA
 Key File:
ssh-rsa AAAAB....

 

I also have a syslog server configured:

 

logging host index 1 <ip> protocol udp port 514 level 7

 

In this configuration, if I log in using SSH with password authentication (ssh -o PreferredAuthentications=password admin@SWITCH), the switch sends proper syslog messages on both login and logout:

 

SSH 53017 - - Login the CLI by admin on ssh (<IP>)
SSH 53016 - - Logout the CLI by admin on ssh (<IP>)

 

However, if I log in using SSH with public key authentication, I get a usable CLI session, but the switch does not send any syslog messages on login, and sends only the “Logout the CLI by admin on ssh” message on logout. This looks like a bug — there should be a syslog message for every CLI login regardless of the authentication method.

1 Reply
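As an added example (not part of the original post and not TP-Link code): until the missing login message is fixed, a syslog collector can still surface these sessions by flagging every "Logout the CLI" message that has no earlier "Login the CLI" message for the same user and address. The syslog header in front of the message text, the sample lines and the function name are assumptions constructed for this example.

```python
import re
from collections import Counter

# Message text as quoted in the post. The syslog header in front of it is an
# assumption, so the pattern is searched for anywhere in the line.
EVENT = re.compile(r"SSH \d+ - - (Login|Logout) the CLI by (\S+) on ssh \(([^)]+)\)")

def find_unlogged_logins(lines):
    """Return (line_no, user, ip) for each SSH logout with no preceding login."""
    open_sessions = Counter()  # (user, ip) -> logins not yet matched by a logout
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = EVENT.search(line)
        if not m:
            continue
        action, user, ip = m.groups()
        key = (user, ip)
        if action == "Login":
            open_sessions[key] += 1
        elif open_sessions[key] > 0:
            open_sessions[key] -= 1
        else:
            # Logout without a login record: the session started unlogged.
            findings.append((line_no, user, ip))
    return findings

# Constructed sample input (addresses from the 192.0.2.0/24 documentation range).
SAMPLE = """\
<134>Jan 10 09:00:01 switch SSH 53017 - - Login the CLI by admin on ssh (192.0.2.10)
<134>Jan 10 09:05:42 switch SSH 53016 - - Logout the CLI by admin on ssh (192.0.2.10)
<134>Jan 10 11:30:17 switch SSH 53016 - - Logout the CLI by admin on ssh (192.0.2.25)
<134>Jan 10 12:00:00 switch SSH 53017 - - Login the CLI by admin on ssh (192.0.2.10)
<134>Jan 10 12:01:00 switch SSH 53016 - - Logout the CLI by admin on ssh (192.0.2.10)
<134>Jan 10 12:02:00 switch SSH 53016 - - Logout the CLI by admin on ssh (192.0.2.10)
""".splitlines()

if __name__ == "__main__":
    for line_no, user, ip in find_unlogged_logins(SAMPLE):
        print(f"line {line_no}: logout for {user} from {ip} has no matching login")
```

A login message lost in transit over UDP produces the same pattern, so each finding is a session to review rather than proof of key-based authentication.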
Re: No syslog message for SSH login with public key authentication
Yesterday

Hi @sigprof

Thanks for posting in our business forum.

Based on your description, when the switch is using SSH with public key authentication, the syslog server may not work properly.  

Regarding the issue you described, we suggest using SSH with public key authentication temporarily to keep syslog working properly, and we will forward your feedback to our team for further investigation.

Best Regards!