<< THESE COMMENTS ARE ADDED FOR ADDITIONAL CLARITY AND EXPLANATION >>
=====================================================================

root@email:/Backup# adduser

Login name for new user []: backups

User ID ('UID') [ defaults to next available ]: 9000

Initial group [ users ]: root

Additional UNIX groups:

Home directory [ /home/backups ]

Shell [ /bin/bash ]

Expiry date (YYYY-MM-DD) []:

New account will be created as follows:

---------------------------------------
Login name.......: backups
UID..............: 9000
Initial group....: root
Additional groups: [ None ]
Home directory...: /home/backups
Shell............: /bin/bash
Expiry date......: [ Never ]

This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.

Creating new account...

Changing the user information for backups
Enter the new value, or press ENTER for the default
        Full Name []: Backup Account for Transfers from 'master'.
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Changing password for backups
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Bad password: too simple.
Warning: weak password (enter it again to use it anyway).
New password:
Re-enter new password:
passwd: password changed.

Account setup complete.

root@email:/Backup# su - backups                  << LOGIN AS JUST CREATED USER BACKUPS >>
backups@email:~$ ssh-keygen -b8192
Generating public/private rsa key pair.           << SEVERAL MINUTES OR MORE >>
Enter file in which to save the key (/home/backups/.ssh/id_rsa):
Created directory '/home/backups/.ssh'.
Enter passphrase (empty for no passphrase):       << NO PASSPHRASE ENTERED >>
Enter same passphrase again:                      << NO PASSPHRASE ENTERED >>
Your identification has been saved in /home/backups/.ssh/id_rsa.
Your public key has been saved in /home/backups/.ssh/id_rsa.pub.
The key fingerprint is:
46:91:69:87:76:8e:a7:b1:ad:72:ec:c4:70:77:4a:4c backups@email
The key's randomart image is:
+--[ RSA 8192]----+
| .+ |
| *.o |
| o.=E |
| .ooo |
| . S*+ . |
| =oo.o |
| .o.. |
| ..+ |
| +. |
+-----------------+
backups@email:~$ ssh ra_shared@test.remote.com ls
The authenticity of host 'test.remote.com (test.remote.com)' can't be established.
RSA key fingerprint is 5a:85:d3:90:c0:98:ec:cd:a1:43:22:72:f0:6e:3c:20.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'test.remote.com' (RSA) to the list of known hosts.
ra_shared@test.remote.com's password:             << PASSWORD NOT SHOWN >>
db
web
<< THOSE 2 ARE OUTPUT OF 'ls' RUN IN LOGIN DIR OF RA_SHARED USER >>
backups@email:~$ ssh ra_shared@test.remote.com ls
ra_shared@test.remote.com's password:             << NOTE THAT IT ASKS EVERY TIME >>
db
web
backups@email:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQC2nvl4WImSd+Ls1vAAAA+fakestuff+azN3BAAAA... backups@email
<< THE ABOVE LINE IS VERY LONG AND MAY WRAP TO SEVERAL LINES OR MORE >>
backups@email:~$ cat .ssh/id_rsa.pub | ssh ra_shared@test.remote.com cat \>\> .ssh/authorized_keys
ra_shared@test.remote.com's password:
backups@email:~$ ssh ra_shared@test.remote.com ls
ra_shared@test.remote.com's password:
<< NOTE THAT IT SHOULDN'T HAVE ASKED PASSWORD AGAIN, NOW TROUBLESHOOTING >>
db
web
backups@email:~$ ssh ra_shared@test.remote.com cat .ssh/authorized_keys
ra_shared@test.remote.com's password:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQC2nvl4WImSd+Ls1vAAAA+fakestuff+azN3BAAAA... backups@email
<< THE ABOVE LINE IS VERY LONG AND MAY WRAP TO SEVERAL LINES OR MORE, SAME AS PREVIOUS >>
backups@email:~$ ssh ra_shared@test.remote.com ls -l .ssh/authorized_keys
ra_shared@test.remote.com's password:
-rw-rw-r-- 1 ra_shared ra_shared 1419 Jun 5 20:49 .ssh/authorized_keys
<<  ^^^^ ABOVE PROTECTIONS SHOW "664" BITS IN USER,GROUP,WORLD TRIO >>
<<  ^^^^ Should be "----" instead of "rw-r" >>
backups@email:~$ ssh ra_shared@test.remote.com chmod 600 .ssh/authorized_keys
ra_shared@test.remote.com's password:
backups@email:~$ ssh ra_shared@test.remote.com chmod 600 .ssh/authorized_keys
backups@email:~$ ssh ra_shared@test.remote.com chmod 640 .ssh/authorized_keys
backups@email:~$ ssh ra_shared@test.remote.com chmod 600 .ssh/authorized_keys
<< NOTE HOW THE LAST TWO TIMES DID NOT ASK FOR THE PASSWORD AGAIN >>
backups@email:~$ ##### You can have read access for other users, but the "authorized_keys" file
backups@email:~$ ##### will not be accepted if write access is available on it to other users.
backups@email:~$ ##### The file was originally read-write to users group because ">>" created
backups@email:~$ ##### a new file, if "authorized_keys" already existed this would have worked
backups@email:~$ ##### on the first try. Note that while there's no big reason to protect the
backups@email:~$ ##### authorized_keys file from others reading, they certainly don't need it.

===============================================================================================

In summary:

Whenever you ssh to a remote server, the client first offers your private
key (by default ~/.ssh/id_rsa, if it exists) as the remote login. If that
fails, you are then asked for the password (if the remote server allows
password logins).

On the server side, the sshd server looks in the remote user's
~/.ssh/authorized_keys file, which holds one public key per line, and tries
to match the public key of the private key that is connecting. If it finds a
match, the login proceeds without asking for a password.

Note that an "authorized_keys" file that is writable by anyone other than
its owner is ignored (otherwise anyone could append their own key).
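
The permission problem from the transcript, as an added example that is not part of the original session: audit_key_path reports every path between authorized_keys and the home directory that group or others can write to, and install_pubkey appends a key under umask 077 so a freshly created file comes out 600 instead of 664. The function names and the key line you pass in are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original transcript. Paths are caller-supplied.

# mode_of PATH: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_key_path HOME FILE: walk from FILE up to HOME and report every
# component that group or others may write to (mode & 022), which is the
# permission test that made sshd ignore the 664 file in the transcript.
# Ownership is not checked here. Returns 0 clean, 1 unsafe, 2 missing.
audit_key_path() {
    home=$1; p=$2; bad=0
    while :; do
        m=$(mode_of "$p") || { echo "MISSING $p"; return 2; }
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "UNSAFE $m $p"
            bad=1
        fi
        case $p in "$home"|/|.) break ;; esac
        p=$(dirname "$p")
    done
    return "$bad"
}

# install_pubkey HOME KEYLINE: append a key so that a newly created .ssh and
# authorized_keys come out 700/600. Runs in a subshell so umask 077 does not
# leak into the caller. Skips the append if the exact line is already there.
install_pubkey() (
    umask 077
    mkdir -p "$1/.ssh" || exit 1
    f=$1/.ssh/authorized_keys
    touch "$f" || exit 1
    grep -qxF -e "$2" "$f" || printf '%s\n' "$2" >> "$f"
)
```

Run on the server as the target user, audit_key_path "$HOME" "$HOME/.ssh/authorized_keys" prints an UNSAFE line for each path that needs a chmod, and prints nothing when the permissions are clean.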