diff --git a/confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh b/confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
index fc22d8b4..52eb9ba3 100644
--- a/confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
+++ b/confluent_osdeploy/rhvh4/initramfs/usr/lib/dracut/hooks/pre-pivot/01-confluent.sh
@@ -10,15 +10,17 @@ cp -a /tls /sysroot/etc/confluent
 sed -i 's/install::/install:*:/' /sysroot/etc/shadow
 sed -i 's/root::/root:*:/' /sysroot/etc/shadow
 mkdir -p /sysroot/root/.ssh
-chmod 700 /sysroot/root/.ssh
+#chmod 700 /sysroot/root/.ssh
 cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
-chmod 600 /sysroot/root/.ssh/authorized_keys
+#chmod 600 /sysroot/root/.ssh/authorized_keys
 mkdir -p /sysroot/etc/ssh/
 for i in /ssh/*.ca; do
     echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts
 done
 cp /etc/confluent/confluent.apikey /sysroot/etc/
 cp /etc/confluent/confluent.apikey /sysroot/etc/confluent/
-cp /etc/confluent/confluent.deploycfg /sysroot/etc/
+cp /tmp/confluent.deploycfg /sysroot/etc/
+cp /tmp/confluent.deploycfg /sysroot/etc/confluent
 cp /opt/confluent/bin/apiclient /sysroot/etc/confluent
 cp /tmp/confluent.deploycfg /etc/confluent/* /sysroot/etc/confluent
+cp /etc/confluent/confluent.info /sysroot/etc/
diff --git a/confluent_osdeploy/rhvh4/profiles/default/scripts/pre.sh b/confluent_osdeploy/rhvh4/profiles/default/scripts/pre.sh
index 8ee8a8a4..318e6eab 100644
--- a/confluent_osdeploy/rhvh4/profiles/default/scripts/pre.sh
+++ b/confluent_osdeploy/rhvh4/profiles/default/scripts/pre.sh
@@ -30,6 +30,7 @@ if [ "$grubpw" = "null" ]; then
 else
     echo "bootloader --iscrypted --password=$grubpw" > /tmp/grubpw
 fi
+ssh-keygen -A
 for pubkey in /etc/ssh/ssh_host*key.pub; do
     certfile=${pubkey/.pub/-cert.pub}
     curl -f -X POST -H "CONFLUENT_NODENAME: $nodename" -H "CONFLUENT_APIKEY: $(cat /etc/confluent.apikey)" -d @$pubkey https://$mgr/confluent-api/self/sshcert > $certfile