Chris_Van_Kriek
Contributor

System Backup with host keys

Hello Checkmates,

Maybe the question is trivial, but I've been asked to configure the System Backup of a couple of secure gateways using host keys (scp or sftp). The sk about host keys and the management of them I have found. But the admin guide (R81.20 et al.) only mentions scp with username/password. Does that mean host keys are not supported to be used with System Backup?

Thanks,

 

Chris.

0 Kudos
2 Solutions

Accepted Solutions
AkosBakos
Advisor

Hi,

As far as I know, there is no limitation around the host keys.

I use host keys on R81.10, and it works.

Akos

----------------
\m/_(>_<)_\m/


PhoneBoy
Admin

My experience with this feature was that if you had an SSH key configured with the remote end, this would be used first. 
The password, in this case, can be anything.


15 Replies
the_rock
Legend

I'm fairly sure it would be supported.

Andy

Chris_Van_Kriek
Contributor

Thanks for the replies. I didn't mention the second part of my question: how is it done? Gaia GUI: no way to enter the keys when scheduling a system backup. CLISH either AFAIK, or maybe I don't have the proper glasses on... Do I need to use mgmt scripting fu to have it done and add it to crontab?

0 Kudos
Alex-
Leader

You could use host keys to add the keys in the RBA configuration of your GAIA.

Chris_Van_Kriek
Contributor

Thanks folks... got it working now.

0 Kudos
Luis_Miguel_Mig
Advisor

I wonder how you made it work. 
I keep getting this error with scheduled backups and ssh key authentication (see below) even though I can ssh or do a once off backup from the gui with ssh key authentication.

 

scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1

0 Kudos
_Val_
Admin

AFAIK, using SSH keys to transfer backup files is still not supported. You can double-check it via a TAC case, to get an official answer. You can also open an RFE and ask to support this feature. 

0 Kudos
Luis_Miguel_Mig
Advisor

Oh really? It has always worked for me in R77.20, R80.40, R81.10.
It has only failed in R81.20 now.

0 Kudos
_Val_
Admin

Are you talking about a scheduled backup or an immediate one? 

0 Kudos
Luis_Miguel_Mig
Advisor

scheduled backup with ssh keys works for me in r77.20, r80.40, r81.10

immediate backup with ssh keys works for me in r77.20, r80.40, r81.10 and r81.20 too



0 Kudos
_Val_
Admin

Ok, I might be wrong then. Please check with TAC if it is supported, and take it up with them if it is.

0 Kudos
Chris_Van_Kriek
Contributor

Hello Luis Miguel,

It's been a while, but this is from my notes:

create ssh key with command ssh-keygen in bash

Then in clish:

add ssh hba hostname <ip address of server> public-key access-mode standalone file /home/admin/.ssh/id_rsa.pub

connect with ssh to server with -i and answer yes... the server's fingerprint will be added to the known_hosts file.

To test one time: backup scp ip <ip address of server> path <path to backup on server>/ username <username> password 1234

Then I simply created the scheduled backup in the GUI...

0 Kudos
Luis_Miguel_Mig
Advisor

Weird, I get that error in r81.20, doing the same:

scheduled_backup: Error : Base64 decode failed
scheduled_backup: schedule backup: obfuscation error
scheduled_backup: /bin/scheduled_backup: rc=-1

0 Kudos
Luis_Miguel_Mig
Advisor

As a workaround, I replace the scheduled backup scp with ssh keys with:
1) scheduled backup stored locally

2) cron job with scp localbackup.tgz remoteuser@remotescpserver

I found another issue: the retention policy fails when configured to 1.
My expectation is that if it is configured to 1, the system will delete the old backup and will run a new backup. But the scheduled backup service just hangs and you need to reboot the firewall manager.
So eventually I configured the retention policy to 2.


0 Kudos
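
The workaround in the last post (scheduled backup stored locally, then a cron job doing the scp with SSH keys) could look like the script below. This is an added example, not code from any poster in the thread or from Check Point. The backup directory, remote path, key path and script path are assumptions; `remoteuser@remotescpserver` is the placeholder used in the post.

```bash
#!/bin/bash
# Added example: copy the newest local backup to a remote host with key-only scp.
BACKUP_DIR="${BACKUP_DIR:-/var/log/CPbackup/backups}"  # assumed local backup directory
REMOTE="${REMOTE:-remoteuser@remotescpserver}"         # placeholder names from the post
REMOTE_DIR="${REMOTE_DIR:-/backups}"                   # hypothetical remote path
KEY="${KEY:-/home/admin/.ssh/id_rsa}"                  # assumed private key (no spaces in path)

# Print the most recently modified *.tgz in a directory; return 1 if there is none.
newest_backup() {
    local dir="$1" newest="" f
    for f in "$dir"/*.tgz; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Options for unattended use: BatchMode makes ssh fail instead of prompting for a
# password, and StrictHostKeyChecking=yes refuses a server whose host key is not
# already in known_hosts (it is never accepted silently from cron).
ssh_opts() {
    printf '%s\n' "-i $KEY -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes"
}

push_backup() {
    local file name local_sum remote_sum
    file="$(newest_backup "$BACKUP_DIR")" || { echo "no backup in $BACKUP_DIR" >&2; return 1; }
    name="$(basename "$file")"
    # ssh_opts output is split into words on purpose
    scp $(ssh_opts) "$file" "$REMOTE:$REMOTE_DIR/" || return 2
    # Compare checksums so a truncated copy is reported rather than trusted.
    local_sum="$(sha256sum "$file" | cut -d' ' -f1)"
    remote_sum="$(ssh $(ssh_opts) "$REMOTE" "sha256sum '$REMOTE_DIR/$name'" | cut -d' ' -f1)"
    [ "$local_sum" = "$remote_sum" ] || { echo "checksum mismatch: $name" >&2; return 3; }
    logger -t backup_push "copied $name to $REMOTE"
}

# Nothing is transferred unless --run is given, e.g. from cron (hypothetical script path):
#   30 2 * * * /home/admin/backup_push.sh --run
if [ "${1:-}" = "--run" ]; then
    push_backup
fi
```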
