Hello @rmjtechnologies, the filemanager sftp key is allowed only from 127.0.0.1 (see here), so hiding the port or the privkey from it’s owner doesn’t increase the security imo.
We had some internal discussion about changing the ownership of .ssh/authorized_keys (0600 root) and moving the priv key to /usr/local/hestia/data/users/$user/ssh accesible only to hestia admin. But even this approach would expose the priv key in the user backup unless we remove it during the bk process. (The discussion is stil ongoing)
PS: Also there is no need for that signature 