The passphrase is stored on the client. It's the client who asks for it.
For your second question:
"9.4.4 Public Key Authentication
The use of public key authentication assumes that the client host has not been compromised. It also assumes that the private key of the server host has not been...
ChrisH
For your second question:
"9.4.4 Public Key Authentication
The use of public key authentication assumes that the client host has not been compromised. It also assumes that the private key of the server host has not been...
[ more ]