Unattended authentication

We really don't like key files laying around. But the need for that use case is probably too strong to resist.

Privacy

Do NOT offer (fingerprints of) all known public keys to server. That leads to "I know what your github accounts" attacks.