diff --git a/base/ctx/display.go b/base/ctx/display.go
index 9673db67..b44eeb08 100644
--- a/base/ctx/display.go
+++ b/base/ctx/display.go
@@ -26,6 +26,11 @@ func DisplayStory(m *ice.Message, file string, arg ...ice.Any) *ice.Message {
 	kit.If(isLocalFile(file), func() { file = path.Join(ice.PLUGIN_STORY, file) })
 	return DisplayBase(m, file, arg...)
 }
+func DisplayInput(m *ice.Message, file string, arg ...ice.Any) *ice.Message {
+	kit.If(file == "", func() { file = kit.Keys(m.CommandKey(), nfs.JS) })
+	kit.If(isLocalFile(file), func() { file = path.Join(ice.PLUGIN_INPUT, file) })
+	return DisplayBase(m, file, arg...)
+}
 func DisplayStoryForm(m *ice.Message, arg ...ice.Any) *ice.Message {
 	args := kit.List()
 	for i := range arg {
@@ -43,6 +48,9 @@ func DisplayStoryForm(m *ice.Message, arg ...ice.Any) *ice.Message {
 	kit.For(args, func(v ice.Map) { m.Push("", v, kit.Split("type,name,value,values,need,action")) })
 	return DisplayStory(m, "form")
 }
+func DisplayInputKey(m *ice.Message, arg ...ice.Any) *ice.Message {
+	return DisplayInput(m, "key", arg...)
+}
 func DisplayStoryJSON(m *ice.Message, arg ...ice.Any) *ice.Message {
 	return DisplayStory(m, "json", arg...)
 }
diff --git a/base/web/dream.go b/base/web/dream.go
index 2ce5a462..92eca38f 100644
--- a/base/web/dream.go
+++ b/base/web/dream.go
@@ -116,7 +116,7 @@ func _dream_start(m *ice.Message, name string) {
 		return
 	}
 	if !m.IsCliUA() {
-		defer m.ProcessOpenAndRefresh(m.MergePod(name))
+		// defer m.ProcessOpenAndRefresh(m.MergePod(name))
 		defer ToastProcess(m, mdb.CREATE, name)()
 	}
 	defer mdb.Lock(m, m.PrefixKey(), cli.START, name)()
@@ -435,6 +435,18 @@ func init() {
 			TOKEN: {Hand: func(m *ice.Message, arg ...string) {
 				m.Options(m.Cmd(SPIDE, m.Option(mdb.NAME)).AppendSimple()).Cmdy(SPIDE, mdb.DEV_REQUEST)
 			}},
+			SERVER: {Hand: func(m *ice.Message, arg ...string) {
+				m.Cmd(SPACE).Table(func(value ice.Maps, index int, head []string) {
+					kit.If(value[mdb.TYPE] == m.ActionKey(), func() { m.PushRecord(value, head...) })
+				})
+				m.Sort(mdb.TIME, ice.STR_R)
+			}},
+			ORIGIN: {Hand: func(m *ice.Message, arg ...string) {
+				m.Cmd(SPACE).Table(func(value ice.Maps, index int, head []string) {
+					kit.If(value[mdb.TYPE] == m.ActionKey(), func() { m.PushRecord(value, head...) })
+				})
+				m.Sort(mdb.TIME, ice.STR_R)
+			}},
 			DREAM_TABLES: {Hand: func(m *ice.Message, arg ...string) {
 				if !aaa.IsTechOrRoot(m) {
 					m.PushButton(OPEN)
diff --git a/base/web/matrix.go b/base/web/matrix.go
index 13aa8a6a..dfd8a151 100644
--- a/base/web/matrix.go
+++ b/base/web/matrix.go
@@ -81,6 +81,7 @@ func _matrix_action(m *ice.Message, action string, arg ...string) {
 func _matrix_dream(m *ice.Message, action string, arg ...string) {
 	m.Cmd(Space(m, m.Option(DOMAIN)), DREAM, kit.Select(m.ActionKey(), action), m.OptionSimple(mdb.NAME), arg)
 }
+
 func _matrix_cmd(m *ice.Message, cmd string, arg ...string) *ice.Message {
 	return m.Cmdy(Space(m, kit.Keys(m.Option(DOMAIN), m.Option(mdb.NAME))), kit.Select(m.ActionKey(), cmd), arg)
 }
@@ -113,11 +114,10 @@ func init() {
 					m.OptionDefault(nfs.BINARY, UserHost(m)+S(m.Option(mdb.NAME)))
 				}
 				_matrix_dream(m, mdb.CREATE, kit.Simple(m.OptionSimple(mdb.ICONS, nfs.REPOS, nfs.BINARY))...)
-				m.Cmd(SPACE, kit.Keys(m.Option(DOMAIN), m.Option(mdb.NAME)), MESSAGE, mdb.CREATE,
-					mdb.TYPE, ORIGIN, mdb.ICONS, m.Option(mdb.ICONS), TARGET, kit.Keys(nfs.FROM, m.Option(mdb.NAME)))
-				m.Cmd(SPACE, m.Option(mdb.NAME), MESSAGE, mdb.CREATE,
-					mdb.TYPE, SERVER, mdb.ICONS, m.Option(mdb.ICONS), TARGET, kit.Keys(ice.OPS, m.Option(DOMAIN), m.Option(mdb.NAME)))
+				m.Cmd(SPACE, kit.Keys(m.Option(DOMAIN), m.Option(mdb.NAME)), MESSAGE, mdb.CREATE, mdb.TYPE, ORIGIN, mdb.ICONS, m.Option(mdb.ICONS), TARGET, kit.Keys(nfs.FROM, m.Option(mdb.NAME)))
+				m.Cmd(SPACE, m.Option(mdb.NAME), MESSAGE, mdb.CREATE, mdb.TYPE, SERVER, mdb.ICONS, m.Option(mdb.ICONS), TARGET, kit.Keys(ice.OPS, m.Option(DOMAIN), m.Option(mdb.NAME)))
 				StreamPushRefreshConfirm(m, m.Trans("refresh for new space ", "刷新列表查看新空间 ")+kit.Keys(m.Option(DOMAIN), m.Option(mdb.NAME)))
+				SpaceEvent(m, OPS_DREAM_SPAWN, "", m.OptionSimple(mdb.NAME, DOMAIN)...)
 			}},
 		}, ctx.ConfAction(
 			mdb.FIELD, "time,domain,status,type,name,text,icons,repos,binary,module,version,access",
diff --git a/base/web/space.go b/base/web/space.go
index 44e16829..3336ff24 100644
--- a/base/web/space.go
+++ b/base/web/space.go
@@ -79,7 +79,7 @@ func _space_fork(m *ice.Message) {
 		}
 	}
 	if m.Option(mdb.ICONS) != "" && !kit.HasPrefix(m.Option(mdb.ICONS), nfs.PS, HTTP) {
-		m.Option(mdb.ICONS, kit.MergeURL("/require/"+m.Option(mdb.ICONS), ice.POD, name))
+		m.Option(mdb.ICONS, kit.MergeURL(nfs.REQUIRE+m.Option(mdb.ICONS), ice.POD, name))
 	}
 	args := kit.Simple(mdb.TYPE, m.Option(mdb.TYPE), mdb.NAME, name, mdb.TEXT, text, m.OptionSimple(mdb.ICONS, mdb.TIME, nfs.MODULE, nfs.VERSION, cli.DAEMON))
 	args = append(args, aaa.USERNICK, m.Option(ice.MSG_USERNICK), aaa.USERNAME, m.Option(ice.MSG_USERNAME), aaa.USERROLE, m.Option(ice.MSG_USERROLE))
@@ -275,6 +275,7 @@ const (
 const (
 	OPS_ORIGIN_OPEN = "ops.origin.open"
 	OPS_SERVER_OPEN = "ops.server.open"
+	OPS_DREAM_SPAWN = "ops.dream.spawn"
 
 	SPACE_LOGIN       = "space.login"
 	SPACE_LOGIN_CLOSE = "space.login.close"
diff --git a/misc/ssh/connect.go b/misc/ssh/connect.go
index f7c9273f..5b55fef2 100644
--- a/misc/ssh/connect.go
+++ b/misc/ssh/connect.go
@@ -37,10 +37,12 @@ func _ssh_open(m *ice.Message, arg ...string) {
 		}
 		w, h, _ := terminal.GetSize(fd)
 		c.Write([]byte(fmt.Sprintf("#height:%d,width:%d"+lex.NL, h, w)))
-		kit.For(kit.Simple(m.Optionv(ice.INIT)), func(cmd string) {
-			defer c.Write([]byte(cmd + lex.NL))
-			m.Sleep300ms()
-		})
+		if m.Option(ice.INIT) != "" {
+			kit.For(kit.Simple(m.Optionv(ice.INIT)), func(cmd string) {
+				defer c.Write([]byte(cmd + lex.NL))
+				m.Sleep300ms()
+			})
+		}
 		m.Go(func() { io.Copy(c, os.Stdin) })
 		io.Copy(os.Stdout, c)
 	}, arg...)
diff --git a/misc/ssh/relay/auths.go b/misc/ssh/relay/auths.go
new file mode 100644
index 00000000..fa71fd2f
--- /dev/null
+++ b/misc/ssh/relay/auths.go
@@ -0,0 +1,42 @@
+package relay
+
+import (
+	"shylinux.com/x/ice"
+	"shylinux.com/x/icebergs/base/mdb"
+	"shylinux.com/x/icebergs/base/web"
+	"shylinux.com/x/icebergs/misc/ssh"
+	kit "shylinux.com/x/toolkits"
+)
+
+const (
+	SSH_AUTHS = "ssh.auths"
+)
+
+type auths struct {
+	list string `name:"list auto"`
+}
+
+func (s auths) List(m *ice.Message, arg ...string) {
+	list := map[string]map[string]bool{}
+	head := []string{}
+	m.AdminCmd(web.DREAM, web.ORIGIN).Table(func(val ice.Maps) {
+		head = append(head, val[mdb.NAME])
+		m.AdminCmd(web.SPACE, val[mdb.NAME], ssh.RSA, ssh.AUTHS).Table(func(value ice.Maps) {
+			if _, ok := list[value[mdb.NAME]]; !ok {
+				list[value[mdb.NAME]] = map[string]bool{}
+			}
+			list[value[mdb.NAME]][val[mdb.NAME]] = true
+		})
+	})
+	m.AdminCmd(web.DREAM, web.SERVER).Table(func(value ice.Maps) {
+		kit.For(head, func(key string) {
+			if data, ok := list[value[mdb.NAME]]; ok && data[key] {
+				m.Push(key, "ok")
+			} else {
+				m.Push(key, "")
+			}
+		})
+	})
+}
+
+func init() { ice.Cmd(SSH_AUTHS, auths{}) }
diff --git a/misc/ssh/relay/relay.go b/misc/ssh/relay/relay.go
index 2ae03e5e..a041b0ff 100644
--- a/misc/ssh/relay/relay.go
+++ b/misc/ssh/relay/relay.go
@@ -63,7 +63,7 @@ type relay struct {
 	checkbox string `data:"true"`
 	export   string `data:"true"`
 	short    string `data:"machine"`
-	tools    string `data:"ssh.trans,ssh.auth,aaa.cert"`
+	tools    string `data:"ssh.trans,ssh.auths,aaa.rsa"`
 	field    string `data:"time,icons,machine,username,host,port,portal,dream,module,version,commitTime,compileTime,bootTime,go,git,package,shell,kernel,arch,vcpu,ncpu,mhz,mem,disk,network,listen,socket,proc,vendor"`
 	create   string `name:"create host* port=22 username=root machine icons"`
 	upgrade  string `name:"upgrade machine"`
@@ -75,7 +75,7 @@ type relay struct {
 	install  string `name:"install dream portal nodename dev"`
 	pushbin  string `name:"pushbin dream portal nodename dev" icon:"bi bi-box-arrow-in-up"`
 	adminCmd string `name:"adminCmd cmd" icon:"bi bi-terminal-plus"`
-	pushkey  string `name:"pushkey" icon:"bi bi-person-fill-up"`
+	pushkey  string `name:"pushkey server" icon:"bi bi-person-fill-up"`
 }
 
 func (s relay) Init(m *ice.Message, arg ...string) {
@@ -108,6 +108,9 @@ func (s relay) Inputs(m *ice.Message, arg ...string) {
 		m.Push(arg[0], tcp.PORT_443, tcp.PORT_80, tcp.PORT_9020, "9030", "9040", "9050")
 	case tcp.NODENAME:
 		m.Cmdy("").CutTo(MACHINE, arg[0])
+	case web.SERVER:
+		m.Copy(m.AdminCmd(web.DREAM, web.SERVER))
+		ctx.DisplayInputKey(m.Message, "style", "_nameicon")
 	}
 }
 func (s relay) Create(m *ice.Message, arg ...string) {
@@ -293,12 +296,13 @@ func (s relay) Pushkey(m *ice.Message, arg ...string) {
 	p := kit.Format("/home/%s/"+SSH_AUTHORIZED, m.Option(aaa.USERNAME))
 	kit.If(m.Option(aaa.USERNAME) == aaa.ROOT, func() { p = kit.Format("/root/" + SSH_AUTHORIZED) })
 	list := kit.Split(m.AdminCmdx(web.SPACE, m.Option(MACHINE), nfs.CAT, p), lex.NL, lex.NL)
-	if key := ssh.PublicKey(m.Message); !kit.IsIn(key, list...) {
-		m.AdminCmd(web.SPACE, m.Option(MACHINE), nfs.PUSH, p, key)
+	if key := ssh.PublicKey(m.Message, m.Option(web.SERVER)); !kit.IsIn(key, list...) {
+		m.AdminCmd(web.SPACE, m.Option(MACHINE), nfs.PUSH, p, key+lex.NL)
 		m.Echo(m.AdminCmdx(web.SPACE, m.Option(MACHINE), nfs.CAT, p)).ProcessInner()
 	} else {
 		m.Echo(strings.Join(list, lex.NL)).ProcessInner()
 	}
+	m.ProcessInner()
 }
 func (s relay) Login(m *ice.Message, arg ...string) {
 	if m.Options(m.Cmd("", m.Option(MACHINE)).AppendSimple()); m.Option(ice.BACK) == "" {
diff --git a/misc/ssh/rsa.go b/misc/ssh/rsa.go
index a6a45811..240c3ce8 100644
--- a/misc/ssh/rsa.go
+++ b/misc/ssh/rsa.go
@@ -21,6 +21,8 @@ import (
 const (
 	PRIVATE = "private"
 	PUBLIC  = "public"
+	AUTHS   = "auths"
+	PUSHS   = "pushs"
 )
 const RSA = "rsa"
 
@@ -33,13 +35,16 @@ func init() {
 	)
 	aaa.Index.MergeCommands(ice.Commands{
 		RSA: {Name: "rsa hash auto", Help: "密钥", Actions: ice.MergeActions(ice.Actions{
+			ice.CTX_INIT: {Hand: func(m *ice.Message, arg ...string) {
+			}},
 			mdb.INPUTS: {Hand: func(m *ice.Message, arg ...string) {
 				switch arg[0] {
 				case TITLE:
 					m.Push(arg[0], kit.Format("%s@%s", m.Option(ice.MSG_USERNAME), ice.Info.Hostname))
 				}
 			}},
-			mdb.CREATE: {Name: "create bits=2048,4096 title=some", Hand: func(m *ice.Message, arg ...string) {
+			mdb.CREATE: {Name: "create bits=2048,4096 title", Hand: func(m *ice.Message, arg ...string) {
+				m.OptionDefault(TITLE, kit.Format("%s@%s", m.Option(ice.MSG_USERNAME), ice.Info.Hostname))
 				if key, err := rsa.GenerateKey(rand.Reader, kit.Int(m.Option(BITS))); !m.WarnNotValid(err) {
 					if pub, err := ssh.NewPublicKey(key.Public()); !m.WarnNotValid(err) {
 						mdb.HashCreate(m, m.OptionSimple(TITLE),
@@ -50,10 +55,8 @@ func init() {
 				}
 			}},
 			mdb.EXPORT: {Name: "export key=.ssh/id_rsa pub=.ssh/id_rsa.pub", Hand: func(m *ice.Message, arg ...string) {
-				mdb.HashSelect(m, m.Option(mdb.HASH)).Table(func(value ice.Maps) {
-					m.Cmd(nfs.SAVE, kit.HomePath(m.Option(KEY)), value[PRIVATE])
-					m.Cmd(nfs.SAVE, kit.HomePath(m.Option(PUB)), value[PUBLIC])
-				})
+				m.Cmd(nfs.SAVE, kit.HomePath(m.Option(KEY)), m.Option(PRIVATE))
+				m.Cmd(nfs.SAVE, kit.HomePath(m.Option(PUB)), m.Option(PUBLIC))
 			}},
 			mdb.IMPORT: {Name: "import key=.ssh/id_rsa pub=.ssh/id_rsa.pub", Hand: func(m *ice.Message, arg ...string) {
 				mdb.Conf(m, "", kit.Keys(mdb.HASH, path.Base(m.Option(KEY))), kit.Data(mdb.TIME, m.Time(),
@@ -62,6 +65,25 @@ func init() {
 					PUBLIC, m.Cmdx(nfs.CAT, kit.HomePath(m.Option(PUB))),
 				))
 			}},
+			AUTHS: {Hand: func(m *ice.Message, arg ...string) {
+				m.Cmdy(nfs.CAT, kit.HomePath(".ssh/authorized_keys"))
+				kit.For(strings.Split(strings.TrimSpace(m.Results()), lex.NL), func(text string) {
+					if ls := kit.Split(text, " ", " "); len(ls) > 2 {
+						m.Push(mdb.TYPE, ls[0])
+						m.Push(mdb.NAME, ls[2])
+						m.Push(mdb.TEXT, ls[1])
+					}
+				})
+			}},
+			PUSHS: {Hand: func(m *ice.Message, arg ...string) {
+				m.Cmd(nfs.PUSH, kit.HomePath(".ssh/authorized_keys"), arg[0])
+			}},
+			PUBLIC: {Hand: func(m *ice.Message, arg ...string) {
+				if !nfs.Exists(m, kit.HomePath(".ssh/id_rsa.pub")) {
+					m.Cmd("", mdb.CREATE).Options(m.Cmd("").AppendSimple()).Cmd("", mdb.EXPORT)
+				}
+				m.Cmdy(nfs.CAT, kit.HomePath(".ssh/id_rsa.pub"))
+			}},
 		}, mdb.HashAction(mdb.SHORT, PRIVATE, mdb.FIELD, "time,hash,title,public,private")), Hand: func(m *ice.Message, arg ...string) {
 			if mdb.HashSelect(m, arg...).PushAction(mdb.EXPORT, mdb.REMOVE); len(arg) == 0 {
 				m.Action(mdb.CREATE, mdb.IMPORT)
@@ -69,6 +91,9 @@ func init() {
 		}},
 	})
 }
-func PublicKey(m *ice.Message) string {
-	return m.Cmdx(nfs.CAT, kit.HomePath(".ssh/id_rsa.pub"))
+func PublicKey(m *ice.Message, server string) string {
+	if m.IsWorker() {
+		server = kit.Keys(ice.OPS, server)
+	}
+	return m.Cmdx("space", server, RSA, PUBLIC)
 }