SSH keeys come in pairs:
Public key should be copied to servers into ~/.ssh/authorized_keys (it let's the server authenticate the user).
During the client authentication, the client will use its private key, and it will be verified by the public key stored in ~/.ssh/authorized_keys.
Private key is password protected when encrypted. A passphrase is only used to unlock the private key locally and is not transmitted in any form to the remote host.
This will generate private/public keys in the default directory:
$ ssh-keygen -b 4096 # default size is 2048
Files are here:
clienthost:~ user$ ls -l .ssh/ | grep id -rw------- 1 user user 1831 Aug 10 20:50 id_rsa -rw-r--r-- 1 user user 407 Aug 10 20:50 id_rsa.pub
After public key is copied to remote serve:
$ chmod 700 .ssh/ $ chmod 600 ~/.ssh/authorized_keys # paste your public key into this file
There is also a simpler way to copy a public key:
$ ssh-copy-id pi@192.168.2.73
/etc/ssh/sshd_config:
PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
$ ssh-agent $ ssh-add