Comment Re:Companies shouldn't have this anyway (Score 1) 339
The private key is normally protected by a password, without which it won't/can't work. The password doesn't need to be sent anywhere in order to work correctly.
SSH keys are actually one of the easiest ways to get two-factor authentication ("something you have" = the encrypted private key, "something you know" = the password to decrypt it.