OK; that clarifies things a bit - thanks!
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
If so, how does the server get the public key?
If the goal is to prove the identity of the client, is this basically the inverse of using a host key fingerprint (rather than the server proving its identity to the client, the client is proving its identity to the server).
What is the implication if the client does not use a private key and just relies on a password? Is this simply that you are then relying on a single factor rather than two factors?
The scenario I have in mind is:
1) The client requests access to the server from an admin (does the client supply a public key here?)