Security when SSH private keys are lost

What version of sshd are you using? OpenSSH 5.4 apparently has a key revocation option:

* Add the ability to revoke keys in sshd(8) and ssh(1). User keys may
be revoked using a new sshd_config(5) option "RevokedKeys". Host keys 
are revoked through known_hosts (details in the sshd(8) man page).   
Revoked keys cannot be used for user or host authentication and will  
trigger a warning if used.

If you're using an earlier version, you probably have to run through all possible authorized_keys files on all your servers to look for and remove the suspect public key. This would include any account User-A could ssh into, including root. This assumes you are not using centralized authoried_key management.

One possible short-term fix to this situation is to use some config management tool (ansible may be a good bet here).

You could notably use the authorized_key module (https://docs.ansible.com/ansible/authorized_key_module.html) to remove one (or more) specific public key fingerprint from a given user's authorized_key file.

An example is lacking for your needs, but something like this could work:

- name: Set authorized key took from url
  authorized_key:
    user: charlie
    state: absent
    key: https://github.com/charlie.keys

You can also (in ansible at least) run a command to create a list of all users on a system, by querying /etc/passwd.

You could also just create a fresh whitelist of keys and remove everything else, but that may not be practical in your situation.

The ansible docs give a rough example of how that could work:

- name: Set authorized key, removing all the authorized key already set
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
    exclusive: True
  with_file:
    - public_keys/doe-jane

In the long run, you may want to consider having jumphosts - I've found teleport to be rather good.

In both OpenSSH and Putty you can regenrate the public key from the private key but not the other way round.

Use ssh-keygen -y -f filename

In PuttyGen, import the key and it will show you the public key.

If this is a user key (as it appears it is), then it will be located in the authorized_keys file for userids that the user had access to. You will need to search the .ssh subdirectory of the home directories. (If you have automounted home directories, you only need to search the directory on one server; otherwise you need to search all servers they might have had access to.)

The problem will be finding the first copy of the old key. The user's home directory on commonly accessed systems will be a good place to start. Once you have the key you can grep for it on other systems and userids. Searching for the key value rather than the comment will be more likely to find all the keys.

how do I recall the public key associated with this private key.

While revoking SSH keys is certainly not a bad idea, the better (or more scaleable) solution is to implement MFA (multi-factor authenticator, aka Two Factor Authentication). This has the effect of devaluing the key, because the user cannot login unless they satisfy (1) additional factor.

A couple open source solutions exist like Google Authenticator and Oath. Then a hybrid open source / commercial solution like Duo. With Duo, you can even geo fence logins and push notifications.

For a 100% functioning example implementation, checkout this bastion implemented as a Docker container: https://github.com/cloudposse/bastion