I'm really perplexed by this choice... at my current employer we only deploy developer SSH keys to devices with DEV or QA firmware. Prod images are signed and have SSH entirely disabled.
We have a separate piece of software to remotely access devices in prod to help diagnose engineering issues, where we can pull up a REPL, but that's under access control and gated by devops etc.
This is deeply ironic to me because this company is run by the same guy who has his underlings tearing through our government data, secretly building repositories with titles like NxGenBdoorExtract[0]. I don't trust this guy at all.