No need to have ssh access in order to use an ssh key for just sftp because the key can be transferred by sftp to the appropriate path.
The passphrase is recommended as at least 10–30 characters, any characters, therefore a phrase more so than a word.
Possible to have an empty passphrase, which then results in no need to unlock the key each time, therefore login needs only username and destination. Either way, a single key can be for many different uses. The former contradicts the typical recomendation of always having a strong password, and the latter contradicts never using the same authentication anywhere else.
On the other hand, such an alternate key allows for access to an account while neither needing nor revealing the account password. That means nothing that requires the password can be done in the account when only the key is known.
Generate a key with the latest format using
-b to specify the number of bits; 1024 is minimum, 2048 is default. The comment is set with
-C, since the default is something like "firstname.lastname@example.org".
ssh-keygen -o -t rsa -C "description"
Or change comment afterwards with
Obscure the hostnames and addresses in the "known_hosts" file.
Either copy the key to "~/.ssh/authorized_keys" on the other host, or use the ssh copy command to have it appended automatically (optionally specifying the server).
ssh-copy-id -i ~/.ssh/id_rsa.pub user@[server.]domain.tld
Test the connection.
Generate a new host key and replace the current key. Useful when the remote host identification has changed.
ssh-keygen -R domain.tld