I have successfully SCPd files back and forth using commands like the one below:
I would then enter my password for www.mysite.com and the xfer begins.

I now need to SCP files from my host, who insist on using an SSH key pair. I have the SSH keys all set up and have SSHd into the site fine, however how do I use this with the SCP command?

Many thanks for any help.
Tim

I thought the first time you tried to either use SSH or SCP that it would exchange keys and then you have the option to accept or reject them.

Once that is completed between hosts, and approved, they should be all set to do either SSH or SCP. I'd suggest you try your SCP command and see if it is all set, because my suspicion is that since you have successfully done SSH, the keys are already set up.

Exactly the same. You can create a ssh client config file (~/.ssh/config) to save options i.e.

And then from the command line
ssh myserver
or
scp -r myserver:/*tar.gz /

Just like ssh scp will automatically try sending the default key i.e. id_rsa etc. If the key file is named something else then it needs to be specified on the command line or in the config file.

The first time you log in and accept is the host key i.e what is saved in known_hosts.

You can take that a step further and actually specify which key to use.

See "man ssh_config" for the details on all the options.

But just to pick a nit, the actual keys never get sent. The private key, in particular, never leaves your machine. What happens in the case of key-based authentication is that the server uses the stored public key for that account and generates a challenge. If the account connecting to the server has the right private key it can decode the challenge and include it with a hashed response. If the response checks out ok then the server goes ahead with login.

Your correct about the keys...

The initial prompt about "the identity of the site," when you connect to a new site for the first time, is intended to deter imposters ... to detect if some server is impersonating the one you thought you were connecting to. Subsequent connects to the site are expected to return the same random key and to use the same IP.

SCP uses SSH as its communication protocol, and adds file-copying on top of that.

Remember the usual rules about SSH and certificates, such as the fact that the requirements for directory and file permissions.

It is much more secure to use certificates ... and to require certificates, not permitting SSH to "fall back" to passwords nor anything else.

If you don't set the options permanently in ~/.ssh/config as shown above then you could do the -i option just like with ssh

rsync is another good option and runs over SSH.