Kindly create functionality for zabbix_server.conf and zabbix_proxy.conf to secure agentless types of checks. One use case:

In a multitenant environment, a Zabbix admin knows credentials in a customer environment can create an SSH check on a proxy to collect data.

A suggested solution would be to install in zabbix_proxy.conf:

DenyKey=ssh.run[*]