If transmitting the private ssh key over to the server is what we want to avoid, would this work:

1. Encrypt the fs with a symmetric key, encrypt the symmetric key with the ssh public key, store the asymmetrically encrypted symmetric key outside the encrypted fs, throw away the unencrypted symmetric key.
2. When logging in (and after establishing a secure link), send the encrypted (symmetric) key to client for decryption, get back an unencrypted key to use for decrypting the fs.

(I’m only beginning to understand modern cryptography, so I may just have made a fool of myself, but what the hey, you live and learn.)