1. Client’s private key (identity key, e.g., id_rsa) stays with client and should not be distributed. Client’s public key,e.g., id_rsa.pub, goes to the server, which is stored in server’s autherized_key file

  2. passphrase is used to encrypt/decrpt client’s private key

  3. In a cluster mode, shared host key between hosts may be alright

  4. Host key is the SERVER’s public key. It is stored in ssh_host_<rsa/dsa/ecdsa/ed25519>_key file on the server, known_host on the client, if the client connects to the server ever.

  5. Known_host is of format - [host],IP ALGO key

  6. login is accepted if client proves that it knows the secret key, and the public key is in autherized_key file