We have some thousands accounts using SFTP mainly with key authentication. We have a lot of accounts with multiple key assignements. Typically on older one with a short keylen and a newer one with a larger keylen. As we can not determine which one is used by the account for authentication, we don't know which key to remove. The key used is logged by maverick when running in debug mode. But this kills performance. We suggest to control logging of key used to authenticate by a simple property.