diff --git a/packages/network/openssh/init.d/51_sshd b/packages/network/openssh/init.d/51_sshd
index 6e06c85812..28855eb16a 100644
--- a/packages/network/openssh/init.d/51_sshd
+++ b/packages/network/openssh/init.d/51_sshd
@@ -29,6 +29,8 @@
   KEYGEN="/usr/bin/ssh-keygen"
   SSHD="/usr/sbin/sshd"
 
+  HOME="/storage"
+
   (
     if [ "$SSH" = yes -o -f /storage/.config/ssh_enable ]; then
 
@@ -59,12 +61,16 @@
           chmod 600 $DSA2_KEY
       fi
 
+    # ensure that $HOME/.ssh exists, is root-owned and not world-readable
+      mkdir -p $HOME/.ssh
+      chown root:root $HOME/.ssh
+      chmod 0700 $HOME/.ssh
+
     # Check for predefined known hosts file
       if [ -f /etc/ssh/known_hosts -a ! -f $HOME/.ssh/known_hosts ] ; then
         progress "SSH: setup predefined known hosts"
 
-        mkdir -p /$HOME/.ssh
-          cp /etc/ssh/known_hosts $HOME/.ssh
+        cp /etc/ssh/known_hosts $HOME/.ssh
       fi
 
       progress "Starting SSH Server"