diff --git a/baseimage/initializeBaseUbuntuImage.sh b/baseimage/initializeBaseUbuntuImage.sh
index cf053fbd0..0e971fafa 100644
--- a/baseimage/initializeBaseUbuntuImage.sh
+++ b/baseimage/initializeBaseUbuntuImage.sh
@@ -274,15 +274,15 @@ setfacl -n -m u:${USER}:r /var/log/journal/*/system.journal
 
 echo "==== Install ssh ==="
 apt-get -y install openssh-server
-# https://stackoverflow.com/questions/4348166/using-with-sed on why ? must be escaped
-sed -e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password/g' \
-    -e 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no/g' \
-    -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/g' \
-    -i /etc/ssh/sshd_config
 
-# caas has ssh on port 202
+# caas has ssh on port 202 and we disable password login
 if [[ "${PROVIDER}" == "caas" ]]; then
-    sed -e 's/^#\?Port .*/Port 202/g' -i /etc/ssh/sshd_config
+    # https://stackoverflow.com/questions/4348166/using-with-sed on why ? must be escaped
+    sed -e 's/^#\?PermitRootLogin .*/PermitRootLogin without-password/g' \
+        -e 's/^#\?PermitEmptyPasswords .*/PermitEmptyPasswords no/g' \
+        -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/g' \
+        -e 's/^#\?Port .*/Port 202/g' \
+        -i /etc/ssh/sshd_config
 fi
 
 # DO uses Google nameservers by default. This causes RBL queries to fail (host 2.0.0.127.zen.spamhaus.org)
diff --git a/installer/systemd/cloudron-system-setup.sh b/installer/systemd/cloudron-system-setup.sh
index 07ceb44fe..5769ab680 100755
--- a/installer/systemd/cloudron-system-setup.sh
+++ b/installer/systemd/cloudron-system-setup.sh
@@ -12,9 +12,6 @@ disk_device="$(for d in $(find /dev -type b); do [ "$(mountpoint -d /)" = "$(mou
 
 existing_swap=$(cat /proc/meminfo | grep SwapTotal | awk '{ printf "%.0f", $2/1024 }')
 
-# allow root access over ssh
-sed -e 's/.* \(ssh-rsa.*\)/\1/' -i /root/.ssh/authorized_keys
-
 # all sizes are in mb
 readonly physical_memory=$(free -m | awk '/Mem:/ { print $2 }')
 readonly swap_size=$((${physical_memory} - ${existing_swap})) # if you change this, fix enoughResourcesAvailable() in client.js
@@ -50,4 +47,3 @@ umount "${USER_DATA_DIR}" || true
 truncate -s "${home_data_size}m" "${USER_DATA_FILE}" # this will shrink it if the file had existed. this is useful when running this script on a live system
 mount -t btrfs -o loop,nosuid "${USER_DATA_FILE}" ${USER_DATA_DIR}
 btrfs filesystem resize max "${USER_DATA_DIR}"
-