diff --git a/onboarding/http/templates/http_install/http_install.tftpl b/onboarding/http/templates/http_install/http_install.tftpl
index b96a422..a10a416 100644
--- a/onboarding/http/templates/http_install/http_install.tftpl
+++ b/onboarding/http/templates/http_install/http_install.tftpl
@@ -2,6 +2,7 @@
 
 # add sdm public key
 echo "${SSH_PUB_KEY}" | tee -a /etc/ssh/sdm_ca.pub
+chmod 600 /etc/ssh/sdm_ca.pub
 echo "TrustedUserCAKeys /etc/ssh/sdm_ca.pub" | tee -a /etc/ssh/sshd_config
 systemctl restart sshd
 
diff --git a/onboarding/mysql/templates/mysql_install/mysql_install.tftpl b/onboarding/mysql/templates/mysql_install/mysql_install.tftpl
index 80f0323..5ebb85f 100644
--- a/onboarding/mysql/templates/mysql_install/mysql_install.tftpl
+++ b/onboarding/mysql/templates/mysql_install/mysql_install.tftpl
@@ -1,5 +1,6 @@
 #!/bin/bash
 echo "${SSH_PUB_KEY}" | tee -a /etc/ssh/sdm_ca.pub
+chmod 600 /etc/ssh/sdm_ca.pub
 echo "TrustedUserCAKeys /etc/ssh/sdm_ca.pub" | tee -a /etc/ssh/sshd_config
 systemctl restart ssh