6.6. Configure the clients to use the SSH transport (server-driven)

Be sure to define the SSH=y installation parameter (for more details see: http://wiki.systemimager.org/index.php/Installation_Parameters). IMPORTANT: server-driven approach is the most secure way to deploy images on the clients, because they never access directly to the image server. For this reason you can forbid every kind of access to the image server (using hosts deny policy or via iptables or using your preferred firewall...). Moreover, since you have to distribute only a public key to the clients, you can ignore the warning of the client-driven approach to not use boot over PXE: in this case the initrd.img doesn't contain private informations and it can be transmitted unencrypted without problems!