Standalone private key for a separate account that has write-only access to the backup area and little else?

In this case the key would act more like an access token for a specific operation that you're trying to perform, rather than as a key to a generally usable account.

Yes that makes sense. I think grandparent could have been more precise. I assume he mean _personal_ private keys.

I think he's talking about

    $ ssh-keygen -t rsa
    $ mv .ssh/id_rsa.pub .ssh/authorized_keys
    $ cat .ssh/id_rsa
    $ exit
    logout

In theory, I know Genode and other capability based systems could be answer this question... but not in practice. I'm off on that tangent seeking answers. Thanks for the "hacking prompt"

Use HTTP, there's absolutely no reason to be using SSH if you're just transferring files around.