Why does duplicity need a passphrase for OpenPGP encryption

The default mode of duplicity is to use a symmetric key which consists of a simple passphrase. There's no way I would use that though: if you have to type the key, you can't run an unattended backup!

If you want to run an unattended backup, you have to pass duplicity a public key somehow. The only kind of public key that duplicity supports is GPG, and that requires a key pair. If you don't want more security than the passphrase provides, keep plenty of copies of the private key around (e.g. store it on every backup media, and print it).

Note that you need to choose a really good passphrase (as in long and having high entropy) to get reasonable security from offline attacks (which is the threat here).

I freely concede that I have no knowledge of the inner workings of keychain, but it's completely reasonable that a local ssh agent should be upset not to have a public key that corresponds to a private key that it does have.

Consider what happens when you approach a remote server to authenticate. The remote server knows, from its authorized_keys file, that it's prepared to accept a client that can prove it has the corresponding private key to each entry therein. But how does it ask for that from the client? It can't give each private key itself, nor any property thereof, because it doesn't have it; all it can do is present the public key(s), or fingerprints thereof, that it will accept.

If the client has any of those those public keys, it can immediately select the matching private key, and make a response which the server will accept as correct. If it doesn't have those public keys, what is it to do? Try every private key in its repertoire in turn? A better recipe for unsafe information disclosure could scarcely be imagined; a black-hat would only have to set up a man-in-the-middle attack on a single new connection to harvest legitimate responses from every key in your keyring.

It's possible that keypairs have some kind of internal numbering, but this would be completely arbitrary and unwise to rely on. There's no guaranteed internal property tying a private and public key together, because there's nothing shared by the keys in a keypair, save that one is (hopefully) the only entity that can undo what the other does.

No, the best way for the client to select the right private key to use to any given server is to have the matching public keys to assist it in key selection.