When a jailed SSH user is created, the .ssh folder with 'authorized_keys' is copied. If it contains root system public SSH keys, users are able to review them. And if those SSH keys contain something like root@your_panel.tld, you are effectively doxing your system. Is there an easy way to prevent this? EDIT: for the time being, utilization of authorized_keys2 for the root system seems to help, and users no longer see root system public keys.
The key is copied intentionally there to allow the admin to log in directly into the websites as a web user, so nothing is leaking; it's the public key and not the private key. Nobody can log into your server as root by obtaining the public key; public keys exist to be shared.
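The part of a key line that reveals the hostname in the question (root@your_panel.tld) is the trailing comment field, which OpenSSH does not need in order to authenticate. As an added example that is not part of the thread or of the panel's own code, the sketch below removes that field from authorized_keys content while keeping any options prefix intact; the function names and the sample keys are constructed for illustration.

```python
import re

# Key type names OpenSSH accepts at the start of the key field.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# One token: non-space characters, where double-quoted parts may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def split_entry(line):
    """Return (options, keytype, blob, comment), or None if not a key line."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = [(m.group(0), m.end()) for m in TOKEN.finditer(stripped)]
    # Options form a single token, so the key type is token 0 or token 1.
    for i in (0, 1):
        if i + 1 < len(tokens) and tokens[i][0] in KEY_TYPES:
            blob, blob_end = tokens[i + 1]
            options = tokens[0][0] if i == 1 else ""
            return options, tokens[i][0], blob, stripped[blob_end:].strip()
    return None

def strip_comments(text):
    """Return (cleaned_text, removed_comments); other lines pass through."""
    out, removed = [], []
    for line in text.splitlines():
        entry = split_entry(line)
        if entry is None:
            out.append(line)
            continue
        options, keytype, blob, comment = entry
        if comment:
            removed.append(comment)
        out.append(" ".join(p for p in (options, keytype, blob) if p))
    return "\n".join(out) + "\n", removed

# Constructed sample: the key blobs are placeholders, not real keys.
SAMPLE = (
    "# constructed sample\n"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBlobOnly root@your_panel.tld\n"
    'from="192.0.2.10",command="/usr/bin/true arg" ssh-rsa '
    "AAAAB3NzaC1yc2EAAAADAQABExample backup job@host\n"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleNoComment\n"
)
```

The list of removed comments doubles as an audit of what the copied file would have shown to the jailed user.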