puppet enterprise node install - Security risk?

view story

http://serverfault.com – I am learning puppet and using this tool install puppet clients on nodes. puppet node install --login=root --keyfile=~/.ssh/id_rsa --install-script puppet-enterprise --installer-payload ~/puppet/puppet-enterprise-2.7.0-ubuntu-12.04-amd64.tar.gz --installer-answers ~/puppet/installer.answers --puppetagent-certname puppet.node01.example.com Everything seems to work ok. My question is why this command requires me to pass along the private key of the ssh user. Shouldn't this only require the public key? Isn't this a security risk? It was my understanding you are supposed to keep (HowTos)