Be sure to define the SSH=y installation parameter (for more details see:
http://wiki.systemimager.org/index.php/Installation_Parameters).
IMPORTANT: server-driven approach is the most secure way to deploy images
on the clients, because they never access directly to the image server. For this
reason you can forbid every kind of access to the image server (using hosts deny
policy or via iptables or using your preferred firewall...).
Moreover, since you have to distribute only a public key to the clients, you can
ignore the warning of the client-driven approach to not use boot over PXE: in
this case the initrd.img doesn't contain private informations and it can be
transmitted unencrypted without problems!