Hi @chrischabot, thanks for the suggestion and explanation! This would clearly work.
Over here we haven’t made up our minds what to use yet. We came up with two other options.
We were also considering writing the key on the resin OS image before flashing it on the devices’ SD cards. Afterwards this should be accessible from within the container (perhaps with dbus). If this works, I think it would be more secure but a bit of a hack.
Yet another option would be generating a different pair of ssh keys with the server on each device. Sending the public key to the server would then be prone to man-in-the-middle attacks, I guess.