If you trying to authenticate a user using a key (instead of password), the user is supposed to generate a private/public key pair. The public key would then have to be associated with the user account at the server, and the private key kept by the user and not shared with the server administrator or anyone else (when SshPrivateKey is supplied to LoginAsync method, it is not sent to the server, it's just used to perform a key-based authentication using an asynchronous cryptography algorithm such as RSA).