Having created the user's account, we now need to provide a secure way for him to log in. We can do this using the SSH protocol.
SSH is a more secure way of controlling user access than the traditional "username and password" approach. Instead of using a password, which the user has to keep secret, it uses two pieces of information: the public key and the private key. Only the private key has to be secret. You can put your public key on any computer, or publish it to the world if you like. But no one can log in to an account controlled by your public key unless they also have the matching private key.
This has the pleasant consequence that you only need one SSH key, and you can use it for everything. It's a very bad idea to use the same password for multiple accounts, but with SSH, that's no problem. So long as you keep the private key secret, you can use your public key everywhere.