First, there's no security benefit to only allowing users to connect with a username of "developer". If you want users to have shared access to the same group of files, put them in the same UNIX group and have /var/Tasks be owned by that group. Seperate usernames allow for auditing, better troubleshooting, etc.
As for your other questions:
- Client usernames are not important. When connecting, users can specific which remote username they want to use:
- You can populate authorized_keys with as many user keys as you have diskspace for, and you can do it before the server is deployed. Also, the same authorized_keys file is read regardless of which portnumber sshd is listening on.
- Yes, the server's public key will be stored in known_hosts and first time connections will prompt the user to accept the remote key. This part is what makes SSH able to detect man-in-the-middle attacks, and if users just blindly accept any key, SSH becomes vulnerable to man-in-the-middle attacks. If you have sufficient access to the client machines, you can add the remote servers key fingerprint to each client's known_hosts. That's the only way you can avoid this prompt.
- You can use the AuthorizedKeysFile keyword in sshd_config to specify where you want sshd to look for keys on the server. I put keys in
/etc/ssh/keys/%u where %u is a file with the users name and I make sure the user only has read-access.