Setup Public/Private Keys and login to SFTP server on remote MacOS

I’ll try to give a precise description of the 3 requested steps in the original post, but I’m including some additional info which may or may not be useful to you (for the sake of making it #HowTo-able :slight_smile: )

#1
You can generate the key-set for MacOS using ssh-keygen. I usually just press enter the entire way through to create an unprotected private key. It’s up to you.

Assuming defaults the keyset is now in /Users/user/.ssh/ called id_rsa and id_rsa.pub.

Next, you need to tell the SSHD service that this key is allowed, so you update the authorized_keys file

cat /Users/user/.ssh/id_rsa.pub >> /Users/user/.ssh/authorized_keys

You will need to copy id_rsa from the server to the machine running Duplicati in order to set it up.
You can either use WinSCP to download the file, or just plain open the file and copy the contents out of it using vim /Users/user/.ssh/id_rsa

#2
SSH should be enabled first. It looks like it is on your system, but if it’s not it can be done by going into System Preferences -> Sharing and then enabling Remote Login.

After ensuring SSH is enabled on the destination you need to make sure it supports the login method you want to use. I like to fail the SSH handshake as the SSH server will tell you what methods it expects (allows).

# ssh user@server -o PreferredAuthentications=none 
user@server: Permission denied (publickey,password,keyboard-interactive).

If your desired option is not allowed (e.g. publickey or password) it needs to be tweaked in the SSHD config; there’s another thread here which may help: "SSH into Mac - no authentication method found".

#3
To configure Duplicati for SFTP (SSH), you need the usual servername, port, path, username, and password. Username is whatever user you have on the MacOS server. Password can be omitted if you’re using a private key without password protection.

In addition to the above settings, when using private keys you need a few more settings under the Advanced Options.

Either set ssh-keyfile to the path of the id_rsa file on your machine running Duplicati, or use ssh-key to paste the key inline.
Note: ssh-key requires you to URL encode the id_rsa file contents

ssh-fingerprint also needs to be defined, or omitted with ssh-accept-any-fingerprints.
Luckily, Duplicati will give you the option to simply press yes to add the ssh-fingerprint option when you press Test connection, so I recommend doing that.

After adding the fingerprint and ssh-key you should be able to successfully test the connection and create the remote folder (if it’s missing) and you’re ready to use SFTP for backups :slight_smile:

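As an added example (not part of the original post or of Duplicati itself), the POSIX shell helpers below cover the three places in the procedure above where things tend to go wrong: appending the public key so that it is done only once and with the file modes sshd's default StrictModes insists on (700 for ~/.ssh, 600 for authorized_keys, otherwise the key is silently ignored), reading the allowed methods out of the "Permission denied (...)" line that the failed handshake returns, and URL-encoding a key file for the ssh-key advanced option. All file names and the server message are constructed placeholders.

```shell
#!/bin/sh
# Added example helpers for the key-based SFTP setup described in the post.
# Paths and the sample sshd message are constructed; substitute your own.

# install_pubkey PUBFILE SSHDIR
# Append the public key in PUBFILE to SSHDIR/authorized_keys unless that exact
# line is already present, then set the modes sshd expects: 700 on the
# directory and 600 on the file (with StrictModes, looser modes disable the key).
install_pubkey() {
  _key=$(cat "$1")
  mkdir -p "$2"
  touch "$2/authorized_keys"
  grep -qxF -- "$_key" "$2/authorized_keys" || printf '%s\n' "$_key" >> "$2/authorized_keys"
  chmod 700 "$2"
  chmod 600 "$2/authorized_keys"
}

# perms_private PATH
# Succeed if neither group nor others can write PATH. Parses the mode string
# from ls -ld so it works the same on macOS and Linux (stat flags differ).
perms_private() {
  _mode=$(ls -ld "$1" | cut -c1-10)
  case "$_mode" in
    ?????w*|????????w?) return 1 ;;   # position 6 = group w, position 9 = other w
  esac
  return 0
}

# parse_auth_methods LINE
# Given the client's "user@host: Permission denied (a,b,c)." line from
# ssh -o PreferredAuthentications=none, print the allowed methods one per line.
parse_auth_methods() {
  printf '%s\n' "$1" | sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tr ',' '\n'
}

# method_allowed LINE METHOD
# Exit 0 if METHOD (e.g. publickey) is in the server's allowed list.
method_allowed() {
  parse_auth_methods "$1" | grep -qx -- "$2"
}

# url_encode FILE
# Percent-encode the bytes of FILE (RFC 3986 unreserved characters pass
# through untouched) so a private key can be pasted into the ssh-key option.
url_encode() {
  LC_ALL=C od -An -v -tx1 "$1" | awk '
    BEGIN { for (i = 0; i < 256; i++) ord[sprintf("%02x", i)] = i }
    {
      for (i = 1; i <= NF; i++) {
        c = ord[$i]
        if ((c >= 48 && c <= 57) || (c >= 65 && c <= 90) || (c >= 97 && c <= 122) ||
            c == 45 || c == 46 || c == 95 || c == 126)
          printf "%c", c
        else
          printf "%%%s", toupper($i)
      }
    }'
}

# Demo on a constructed server reply (no network access needed).
demo_line='user@server: Permission denied (publickey,password,keyboard-interactive).'
printf 'Server accepts: %s\n' "$(parse_auth_methods "$demo_line" | tr '\n' ' ')"
if method_allowed "$demo_line" publickey; then
  echo 'publickey is allowed; key-based SFTP can work'
fi
```

Run the functions against a real server by pasting the exact "Permission denied" line into method_allowed, and point install_pubkey at the account's .ssh directory on the Mac; perms_private is worth running on both the directory and the file whenever sshd keeps falling back to a password prompt.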