If I want to give someone access to a server via SSH, should I create the pair and send them the private key, or should I have them create the pair and send me the public key?
The private key is able to generate signatures. A signature created using your private key cannot be forged by anybody who does not have that key, but anybody who has your public key can verify that a particular signature is genuine. That is how server authentication protocols are currently implemented. The server sends a snippet of random data that your client then signs and returns to the server. The server uses your public key to verify the signature.
Note that if the server side has no independent means of knowing that your public key comes from you, then you could use a digital cert signed by a trusted third party to validate the public key. Most sysadmins don’t go this far when setting up authenticated logins manually, but a personal cert is sometimes required for financial systems. Search “PKI”.
If the server side generates the key pair, then you would need a way to securely transmit that key pair to an authenticated client, then destroy the private key on the server side.
It would be possible to set up a client authentication system with the private key on the server side and the public key on the client side. The authentication protocol would be that the server would send a random snippet to the client for encryption and the client would return the encrypted snippet to the server. The client would have to secure the public key against compromise, and it would only be good for one server, whereas when the private key is on the client side the client can use the same public key for authentication against multiple servers.
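The signature-based challenge-response the answer describes, as an added example that is not part of the original post or answer. It uses Go's standard-library Ed25519 (the same algorithm `ssh-keygen -t ed25519` produces) in a deliberately simplified exchange: the server stores only public keys (the role `authorized_keys` plays), sends a fresh random challenge, and verifies the client's signature. The `Client`, `Server` and `Authenticate` names are assumptions made for this illustration; the real SSH userauth protocol signs over a session identifier and request fields rather than a bare nonce, but the trust relationship is the same, and the example also shows why the private key never needs to exist on the server.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Client holds the key pair. Only the public half ever leaves the client;
// the server never needs (and should never receive) the private key.
type Client struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewClient generates the pair on the client side, as the answer recommends.
func NewClient() (*Client, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{pub: pub, priv: priv}, nil
}

// PublicKey is the value the user hands to the server admin
// (the equivalent of the contents of id_ed25519.pub).
func (c *Client) PublicKey() ed25519.PublicKey { return c.pub }

// Sign answers a server challenge with the private key.
func (c *Client) Sign(challenge []byte) []byte {
	return ed25519.Sign(c.priv, challenge)
}

// Server stores public keys per user, analogous to ~/.ssh/authorized_keys.
type Server struct {
	authorized map[string]ed25519.PublicKey
}

func NewServer() *Server {
	return &Server{authorized: map[string]ed25519.PublicKey{}}
}

// Authorize records a user's public key; copy it so the caller cannot mutate it later.
func (s *Server) Authorize(user string, pub ed25519.PublicKey) {
	s.authorized[user] = append(ed25519.PublicKey(nil), pub...)
}

// Challenge returns fresh random bytes. A fixed or reused challenge would let
// an eavesdropper replay a captured signature.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Verify checks the signature against the stored public key for that user.
func (s *Server) Verify(user string, challenge, sig []byte) error {
	pub, ok := s.authorized[user]
	if !ok {
		return errors.New("unknown user")
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Authenticate runs one full exchange: challenge, sign, verify.
// Returns true only if the client proved possession of the matching private key.
func Authenticate(user string, c *Client, s *Server) (bool, error) {
	challenge, err := s.Challenge()
	if err != nil {
		return false, err
	}
	sig := c.Sign(challenge)
	if err := s.Verify(user, challenge, sig); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	alice, _ := NewClient()
	mallory, _ := NewClient() // a different key pair: cannot forge alice's signatures
	srv := NewServer()
	srv.Authorize("alice", alice.PublicKey())

	ok, err := Authenticate("alice", alice, srv)
	fmt.Println("alice with her own key:", ok, err)
	ok, err = Authenticate("alice", mallory, srv)
	fmt.Println("mallory claiming to be alice:", ok, err)
}
```

Note that `Server` holds nothing a thief could use to log in as the user elsewhere: compromising the server's key store only yields public keys, which is the practical reason to have the user generate the pair and send you the public half.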