diff --git a/README.md b/README.md
index 20393b9..d6d2fda 100644
--- a/README.md
+++ b/README.md
@@ -3,13 +3,15 @@
 ## Installation
 ```bash
+export ADMIN_SSH_KEY='ssh-ed25519 AAAA...'
+export DEPLOY_SSH_KEY='ssh-ed25519 AAAA...'
 curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh | bash -s
 ```
 Or remotely via SSH:
 ```bash
-ssh root@ "curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh | bash -s "
+ssh root@ "ADMIN_SSH_KEY='ssh-ed25519 AAAA...' DEPLOY_SSH_KEY='ssh-ed25519 AAAA...' bash -c '\$(curl -fsSL https://raw.githubusercontent.com/elAgala/server-initializer/main/index.sh)' -- "
 ```
diff --git a/src/install.sh b/src/install.sh
index 479ae5f..d8a677c 100755
--- a/src/install.sh
+++ b/src/install.sh
@@ -34,6 +34,25 @@ fi
 # Get the repository directory (parent of src/)
 REPO_DIR="$(dirname "$PWD")"
+# Validate required SSH keys (skip in development mode)
+if [ "$DEVELOPMENT_MODE" = "false" ]; then
+ missing=""
+ if [ -z "${ADMIN_SSH_KEY:-}" ]; then
+ missing="ADMIN_SSH_KEY"
+ fi
+ if [ -z "${DEPLOY_SSH_KEY:-}" ]; then
+ missing="${missing:+$missing, }DEPLOY_SSH_KEY"
+ fi
+ if [ -n "$missing" ]; then
+ echo "ERROR: Missing required environment variables: $missing"
+ echo "SSH keys are required because password authentication will be disabled."
+ echo ""
+ echo "Usage:"
+ echo " ADMIN_SSH_KEY='ssh-ed25519 ...' DEPLOY_SSH_KEY='ssh-ed25519 ...' $0 "
+ exit 1
+ fi
+fi
+
 # Log file for verbose output
 LOG_FILE="/var/log/server-initializer.log"
 > "$LOG_FILE"
@@ -100,6 +119,13 @@ echo "USERS"
 echo " Admin: $1 / $ADMIN_USER_PASSWORD"
 echo " Deploy: deploy / $DEPLOY_USER_PASSWORD"
 echo ""
+echo "SSH"
+echo " Config: /etc/ssh/sshd_config.d/server-initializer.conf"
+echo " Admin: key installed"
+echo " Deploy: key installed"
+echo " Root login: disabled"
+echo " Password auth: disabled"
+echo ""
 echo "WEB SERVER (Caddy)"
 echo " Dir: /home/$1/web-server"
 echo " Sites: /home/$1/web-server/caddy/sites-enabled/"
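Review bot: The guard `if [ "$DEVELOPMENT_MODE" = "false" ]` fails open, because any value other than the literal `false` (unset, empty, `False`, `0`) skips the key check even though password authentication is disabled later. Where DEVELOPMENT_MODE is assigned is outside this hunk, so this may already be normalised, but `if [ "${DEVELOPMENT_MODE:-false}" != "true" ]; then` would make the safe path the default. The check also accepts any non-empty string, so a truncated or mistyped key passes and can still lock the operator out. Parsing each value first would catch that, for example `printf '%s\n' "$ADMIN_SSH_KEY" | ssh-keygen -l -f - >/dev/null 2>&1`. The error lines would also be better sent to stderr with `>&2`.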
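Review bot: The new SSH block prints `Admin: key installed`, `Root login: disabled` and `Password auth: disabled` as fixed strings, so the summary reports a hardened state whether or not it was actually reached. The key validation added earlier in this file is skipped in development mode, and config_ssh in src/user/ssh_config.sh now returns 1 on a missing key, apparently before its configuration file is created. Either path can therefore end with this text while sshd still accepts passwords. I would print these lines from the effective configuration, e.g. `sshd -T | grep -Ei '^(permitrootlogin|passwordauthentication) '`, or guard them on the success of the SSH step. The summary block starts and ends outside the hunk.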
diff --git a/src/user/ssh_config.sh b/src/user/ssh_config.sh
index f566350..7a44294 100644
--- a/src/user/ssh_config.sh
+++ b/src/user/ssh_config.sh
@@ -25,7 +25,8 @@ function config_ssh() {
 echo "$public_key" | sudo tee -a "$ssh_dir/authorized_keys" >/dev/null
 echo "[ SSH ]: Public key added to $ssh_dir/authorized_keys."
 else
- echo "[ SSH ]: WARNING: No SSH key provided for $username (set ADMIN_SSH_KEY / DEPLOY_SSH_KEY)"
+ echo "[ SSH ]: ERROR: No SSH key provided for $username"
+ return 1
 fi
 # Create SSH configuration file instead of modifying main sshd_config
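Review bot: The new `return 1` only protects the host if every caller of config_ssh checks its exit status, and the call site is not part of this diff. Without `set -e` or an explicit check there, the installer would carry on past the error with this user's SSH setup incomplete. I would make the failure fatal at the call site and send the message to stderr, `echo "[ SSH ]: ERROR: No SSH key provided for $username" >&2`, so it is not lost if stdout is redirected to the log. config_ssh starts and ends outside the hunk.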