I found the way to keep the current schema more secure.
I did a coulpe of commits about that.
Now using the ssh key allows only to open remote port redirections (supporting recovery shell notifications) and upload files to the data folder.
I think that's enough for a quick costless solution.
If dropbear gives the possibility to ignore the server host key we can also support management server migrations.
-Walter