So one thing started to bother me today since i met one sysadmin. So imagine a client wants access to a company server vis ssh/sftp that use key authentication. Should the company's sysadmin generate the private and public key and give the private key to client. Or should the client generate the keys himself/herself and give the company's sysadmin the public key?
This been annoying me, don't know why. Any ideas or real facts?