diff --git a/rip_docker/vm-image-builder/README.md b/rip_docker/vm-image-builder/README.md
index 3964bbb..4f741b8 100644
--- a/rip_docker/vm-image-builder/README.md
+++ b/rip_docker/vm-image-builder/README.md
@@ -1,13 +1,23 @@
 # Build the Dangerzone VM for running podman
 
-To build an ISO image:
+## Build the podman container storage (with vagrant)
+
+You need vagrant: `brew install vagrant`
+
+## Build the ISO image (with docker)
 
 ```sh
 docker run -v $(pwd):/build alpine:latest /build/build-iso.sh
 ```
 
-To run the VM:
+## Run the VM
 
 ```sh
 ./run-vm.sh
 ```
+
+You can ssh in as the unprivileged user like this:
+
+```sh
+ssh -i ./ssh-key/id_ed25519 -o StrictHostKeyChecking=no user@192.168.65.3
+```
diff --git a/rip_docker/vm-image-builder/genapkovl-dangerzone.sh b/rip_docker/vm-image-builder/genapkovl-dangerzone.sh
index 366de6e..56ed20d 100644
--- a/rip_docker/vm-image-builder/genapkovl-dangerzone.sh
+++ b/rip_docker/vm-image-builder/genapkovl-dangerzone.sh
@@ -47,8 +47,7 @@ PasswordAuthentication no
 EOF
 
 # Dangerzone alpine setup
-mkdir -p "$tmp"/root
-makefile root:root 0644 "$tmp"/root/answers.txt <<EOF
+makefile root:root 0644 "$tmp"/etc/answers.txt <<EOF
 KEYMAPOPTS="us us"
 HOSTNAMEOPTS="-n dangerzone"
 INTERFACESOPTS="auto lo
@@ -64,11 +63,20 @@ SSHDOPTS="-c openssh"
 EOF
 
 mkdir -p "$tmp"/etc/init.d
-makefile root:root 0644 "$tmp"/etc/init.d/dangerzone <<EOF
+makefile root:root 0755 "$tmp"/etc/init.d/dangerzone <<EOF
 #!/sbin/openrc-run
 name="Dangerzone init script"
 start_pre() {
-	/sbin/setup-alpine -f /root/answers.txt -e -q
+    # Setup Alpine
+	/sbin/setup-alpine -f /etc/answers.txt -e -q
+
+    # Create user, give the dangerzone-vm-key ssh access
+    /usr/sbin/adduser -D user
+    mkdir -p /home/user/.ssh
+    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmxIw2etg2IxY77GOFe/6tuMH/K5c1gsz3qPY/s7rZF dangerzone-vm-key" > /home/user/.ssh/authorized_keys
+    chown -R user:user /home/user/.ssh
+    chmod 700 /home/user/.ssh
+    chmod 600 /home/user/.ssh/authorized_keys
 }
 EOF