
Yes, when you use key-based authentication to a server, you never actually give the server a secret, you just cryptographically prove you have the private key that goes to your public key. This is important because the server can be entirely compromised and you can log into it without leaking any secrets.

Compare this to a secret password: if someone hijacks the SSH connection and you accept the host key (which everyone says yes to on the first connection), you give away your password, which can then be used by an attacker to get access to the real server.
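The difference described in the comment above, as an added Go example that is not part of the original comment: a host that observes one login keeps a signature that the real server rejects, while an observed password is accepted again. It is a simplified model with hypothetical function names. Real SSH signs a structure that includes the per-connection session identifier, and here only a random stand-in for that identifier is signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// newSessionID stands in for the per-connection key-exchange hash (simplified model).
func newSessionID() []byte {
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		panic(err)
	}
	return id
}

// proveKey is the client side: only a signature over the session id is sent.
func proveKey(priv ed25519.PrivateKey, sessionID []byte) []byte {
	return ed25519.Sign(priv, sessionID)
}

// checkKey is the server side: it holds only the public key.
func checkKey(pub ed25519.PublicKey, sessionID, sig []byte) bool {
	return ed25519.Verify(pub, sessionID, sig)
}

// checkPassword is the server side of password auth: the secret itself arrives.
func checkPassword(stored, sent []byte) bool {
	return subtle.ConstantTimeCompare(stored, sent) == 1
}

// Demo reports whether a fresh key login, a replayed signature and a replayed
// password are each accepted by the real server.
func Demo() (legit, sigReplay, pwReplay bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	password := []byte("constructed-sample-password")
	// Connection 1 ends at a compromised or impersonating host, which records this.
	seenSig, seenPassword := proveKey(priv, newSessionID()), password
	// Connection 2 is the real server, with its own session id.
	realSession := newSessionID()
	legit = checkKey(pub, realSession, proveKey(priv, realSession))
	return legit, checkKey(pub, realSession, seenSig), checkPassword(password, seenPassword)
}

func main() { fmt.Println(Demo()) }
```
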



