diff --git a/userspace/rootfs_override/etc/init.d/sshd.sh b/userspace/rootfs_override/etc/init.d/sshd.sh
index 5374a68bcc13fb216d3102a398f62186b098c8e9..94f6ae71ca50359330192690b99fda2882f134ba 100755
--- a/userspace/rootfs_override/etc/init.d/sshd.sh
+++ b/userspace/rootfs_override/etc/init.d/sshd.sh
@@ -30,10 +30,13 @@ start() {
 		echo "$0 unable to source dot-config ($dotconfig)!"
 	fi
 
+	echo "# Key in this file will be lost at restart!" > /root/.ssh/authorized_keys
+	echo "# Consider storing keys in the permanent location: $permanent_path_ssh/authorized_keys" >> /root/.ssh/authorized_keys
+
  	# copy authorized keys if exists
 	if [ -f /usr/authorized_keys ] ; then
 		mkdir -p /root/.ssh/
-		cp /usr/authorized_keys /root/.ssh/
+		cat /usr/authorized_keys >> /root/.ssh/authorized_keys
 	fi
 
 	# Make sure ssh directory exists
diff --git a/userspace/rootfs_override/etc/ssh/sshd_config b/userspace/rootfs_override/etc/ssh/sshd_config
index 1332433d2f041086d5f51d234b093c3331b3f8d6..036ddcd7ccb578e98e30f756f6d40df916a38956 100644
--- a/userspace/rootfs_override/etc/ssh/sshd_config
+++ b/userspace/rootfs_override/etc/ssh/sshd_config
@@ -51,8 +51,10 @@ PermitRootLogin yes
 #PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys /update/permanent/ssh/authorized_keys
+# Files /update/permanent/ssh/authorized_keys.%u are per user (%u) and survive
+# WRS firmware updates. .ssh/authorized_keys can be used if provided in
+# /usr/authorized_keys of WRS firmware.
+AuthorizedKeysFile	/update/permanent/ssh/authorized_keys.%u .ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none