What function does the -privatekey flag (or SessionOptions.SshPrivateKeyPath property) serve, in the SFTP case? I know what a private key is, but I am not clear on how it is used in this case. The client has the private key, so does this assume the server has a matching public key? If so, how does the server get the public key?
If the goal is to prove the identity of the client, is this basically the inverse of using a host key fingerprint (rather than the server proving its identity to the client, the client is proving its identity to the server).
What is the implication if the client does not use a private key and just relies on a password? Is this simply that you are then relying on a single factor rather than two factors?
The scenario I have in mind is:
1) The client requests access to the server from an admin (does the client supply a public key here?)
2) The admin provides a username and password (while registering the public key with the server?)
3) The client accesses the server by providing the username and password.
4) The server returns the public key and the client checks this against the private key(?).
My confusion arises because I am struggling to picture how the key exchange happens in the real world. I don't recall ever using a private key when accessing an SFTP server, but maybe the servers I have been accessing have just not used that level of security.