diff --git a/sshd/docker-entrypoint.sh b/sshd/docker-entrypoint.sh
index 6dd128c..42cc310 100644
--- a/sshd/docker-entrypoint.sh
+++ b/sshd/docker-entrypoint.sh
@@ -13,11 +13,43 @@ if [[ (! -z "${ADDITIONAL_USER}" ) && ( "${ADDITIONAL_USER}" != "root" ) ]]; th
 if [[ ! -z "${ADDITIONAL_USER_GID}" ]]; then
 groupmod -g $ADDITIONAL_USER_GID $ADDITIONAL_USER
 fi
- echo "${ADDITIONAL_USER}:$(cat $ADDITIONAL_USER_PASSWORD_FILE)" | chpasswd
+ if [[ ! -z "${ADDITIONAL_USER_PASSWORD_FILE}" ]]; then
+ echo "${ADDITIONAL_USER}:$(cat $ADDITIONAL_USER_PASSWORD_FILE)" | chpasswd
+ fi
+
+ if [[ ! -z "${ADDITIONAL_USER_PUBLICKEY}" ]]; then
+ if [ ! -d "/home/${ADDITIONAL_USER}/.ssh" ]; then
+ mkdir -p "/home/${ADDITIONAL_USER}/.ssh"
+ chown -R $(id -u "${ADDITIONAL_USER}"):$(id -g "${ADDITIONAL_USER}") "/home/${ADDITIONAL_USER}/.ssh"
+ fi
+ echo "${ADDITIONAL_USER_PUBLICKEY}" >> /home/"${ADDITIONAL_USER}"/.ssh/authorized_keys
+ fi
+fi
+if [[ ! -z "${ROOT_PASSWORD_FILE}" ]]; then
+ echo "root:$(cat $ROOT_PASSWORD_FILE)" | chpasswd
+fi
+if [[ ! -z "${ROOT_PUBLICKEY}" ]]; then
+ if [ ! -d "/root/.ssh" ]; then
+ mkdir -p "/root/.ssh"
+ fi
+ echo "${ROOT_PUBLICKEY}" >> /root/.ssh/authorized_keys
+fi
+if [[ (! -z "${ENABLE_PASSWORD_AUTHENTICATION}") && ("${ENABLE_PASSWORD_AUTHENTICATION}" = '1') ]]; then
+ echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
+ if [[ (! -z "${ENABLE_ROOT}") && ("${ENABLE_ROOT}" = 1) ]]; then
+ echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+ else
+ echo "PermitRootLogin no" >> /etc/ssh/sshd_config
+ fi
+else
+ echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
+ if [[ (! -z "${ENABLE_ROOT}") && ("${ENABLE_ROOT}" = '1') ]]; then
+ echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
+ else
+ echo "PermitRootLogin no" >> /etc/ssh/sshd_config
+ fi
 fi
-
-echo "root:$(cat $ROOT_PASSWORD_FILE)" | chpasswd
 usermod -s /bin/bash root
 /usr/sbin/sshd -D
 #exec "$@"
diff --git a/sshd/sshd_config b/sshd/sshd_config
index b91a433..ff34788 100644
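Review bot: The `PasswordAuthentication`/`PermitRootLogin` lines near the end of the hunk are appended to `/etc/ssh/sshd_config` with `>>`, but sshd uses the first value it reads for each keyword, so an earlier setting in that file (only its first six lines are visible in this commit) would silently override the appended `PasswordAuthentication no`, and every container restart adds duplicates. Writing the directives once, ahead of the static content, and checking the result with `sshd -T` before `/usr/sbin/sshd -D` starts would make the effective policy explicit. In the `ADDITIONAL_USER_PUBLICKEY` branch the `chown -R` runs before `authorized_keys` is created and only when `.ssh` did not exist, so the file stays owned by whoever runs the entrypoint (presumably root) and nothing sets modes; moving the `chown -R` after the append and adding `chmod 700 "/home/${ADDITIONAL_USER}/.ssh"` plus `chmod 600` on the file would fix that. The password branches test only that the variable is non-empty, so `[[ -r "${ROOT_PASSWORD_FILE}" ]]` (and the same for the user file) would avoid handing `chpasswd` an empty password when the file is missing. The enclosing `ADDITIONAL_USER` block opens above the hunk.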
--- a/sshd/sshd_config
+++ b/sshd/sshd_config
@@ -1,6 +1,6 @@
-PermitRootLogin yes
 ChallengeResponseAuthentication no
 UsePAM yes
+PermitEmptyPasswords no
 AllowAgentForwarding yes
 AllowTcpForwarding yes
 GatewayPorts yes