diff --git a/README.md b/README.md
index d549bd874af3c36469be3ed41b25a9ff9c8896eb..723172122e8c5c96d1db9f663ddde411b324a43e 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ All configuration is on .env.main.sample. By default, this environnement is conf
 8. Test the connection with the ssh key (in case of hosting by OVH, remove the waring in '.ssh/authorized_keys')
 9. **Delete temporary user as needed** `deluser [user] && rm -r /home/[user]`
 10. `. main.env; bash validate.sh`
+11. Put your ssh key in `/root/.ssh/authorized_keys` if needed
 
 If dockerweb doesn't have the right uid, you can chaange it **only if it's not already in use** thanks to:
 ```sh
diff --git a/install/Base.sh b/install/Base.sh
index 4c9c542a1ad69f65fa69f0615fada849d7f6ce26..04e47426d9d10c6c78b1e39cd28ad905c1b1a18c 100644
--- a/install/Base.sh
+++ b/install/Base.sh
@@ -118,7 +118,11 @@ bash $DIR/checks/rkhunter.sh
 
 # Allow maintenance operations:
 mkdir -p /root/.ssh
-cat id_rsa.pub >> /root/.ssh/authorized_keys
+if [ "$TETRAS_MAINTENACE" = true ] ; then
+    cat id_rsa.pub >> /root/.ssh/authorized_keys
+else
+    touch /root/.ssh/authorized_keys
+fi
 chmod 600  /root/.ssh/authorized_keys
 
 #Ssh
diff --git a/main.env.sample b/main.env.sample
index ee72b948c20dc0537406ca2e53556d4e125245ae..90d5dab17693d3eed4a0f82204a8fe1bf44fdf8e 100644
--- a/main.env.sample
+++ b/main.env.sample
@@ -11,8 +11,14 @@ export MAINTENANCE_LEVEL="security"
 # TODO change domain for you domaine of server
 export DOMAIN="dev.tetras-libre.fr"
 
+# TODO change admin mail
 export SERVER_ADMIN="sysadmin@tetras-libre.fr"
 
+# TODO put this variable to false if tetras does not provide maintenance
+# This has the consequence of whether or not the free tetras ssh public key is added to the authorized keys
+export TETRAS_MAINTENACE=true
+
+# TODO change ignore domaines for fail2ban
 export IGNORE_DOMAINES=(
     "tetrix.tetras-libre.fr"
     "piculus.tetras-libre.fr"