When opening a connection to a remote device, we should verify the host key against a known fingerprint. This fingerprint should be stored in metadata. This can be opt-in by not doing a check if no host-key is assigned.
Without host-key checking, we will send the username/password credentials to every host on which the monitor is configured. This could potentially leak the credentials..