Tunnel-Only User with Pubkey auth. with SSH

I wanted to ask you if there are some security issues
if I create a special user with a nologin-shell for tunneling
only and I set up public-key authentication.
I have put a Public Key at ~/.ssh/authorized_keys
and copied a private key with a passphrase to my client machine.
Now I wanted to ask how SSH sends the KEYS (Key-Exchange)..
Are they sent in Cleartext (sniffable) or are they secure to use?

Best regards,