On slave start server generates key pair and start host over ssh with key pair as argument
-> Only slaves started by server will know the keys to decrypt host messages and encrypt correctly for the server to not discard the message, thus the connection can not be sniffed and no unauthorized commands can be issued
Enhances safety
Option 1:
Option 2: