My brain is wrapped around the axle on public and private keys. When you create a cloud server (instance) on Amazon's EC2 service and then want to connect to it via SSH, Amazon requires you to download private a key to make the connection. Doesn't the idea behind public/private key suggest that Amazon should be require you to download a public one? Further, if I set up an SFTP server for a customer to use, should I be installing their key on the server or giving them a key from the server? In either case, should it be a public or private key?