The key is stored in a file at /var/lib/openhab2/etc/. Technically we are not supposed to be editing the files in this folder and they are considered system files, not user-space files. But there are some things we just can’t do without changing these files, like changing the Karaf console password. I know that when using Docker, changes to these files are preserved. I’m reasonably sure that when using apt or openHABian to update these files get overwritten and therefore returned to the default.
Note that this is a double edged sword. For example, I had changes made to my logging config that I kept for a long time and more and more junk kept showing up in my openhab.log as new versions came out. Eventually I compared my version with the version in github and there were about 50 new lines added that I was missing.
I don’t think there is a good answer for this except to remember to reapply the changes to the files in /var/lib/openhab/etc after an upgrade.
All I really know is documented on those pages better than I can write here. I can also confirm that it works for me. hat command are you using to access the console? Are you logging in as user openhab?
Unless you configure ssh keys per the instructions linked to above it will always ask for a password. The point of ssh certificates is to authenticate with “something you have” (i.e. the certificate) as opposed to “something you know” (i.e. password). For completeness, bio-metrics like fingerprints would be “something you are”. Multi-factor authentication would be using two or more of the three.
They shouldn’t do. /var/lib/openhab2/etc is a configuration folder, where only a specific set of files are replaced on an update, the files @Udo_Hartmann mentioned above should be left untouched by the update and won’t be overwritten.