diff --git a/scripts/get_user_cert.py b/scripts/get_user_cert.py
index 828a471..3800321 100644
--- a/scripts/get_user_cert.py
+++ b/scripts/get_user_cert.py
@@ -13,10 +13,6 @@ keytxt = key.exportKey('PEM')
 pubkeytxt = key.publickey().exportKey('OpenSSH')
 server = 'http://127.0.0.1:18321'
-with open('/etc/ssh/ssh_host_rsa_key.pub', 'r') as f:
- host_key_pub = f.read()
-
-
 user = {
 'user_id': user_id,
 'auth_id': auth_id,
@@ -49,6 +45,7 @@ with open(keyfile + '_user_id', 'w') as f:
 # Write the user private key
 with open(keyfile, 'w') as f:
 f.write(keytxt)
+os.chmod(keyfile, 0600)
 # Write the user public key
 with open(keyfile + '.pub', 'w') as f:
diff --git a/tatu/utils.py b/tatu/utils.py
index 45c4f51..6adc69b 100644
--- a/tatu/utils.py
+++ b/tatu/utils.py
@@ -20,12 +20,12 @@ def generateCert(auth_key, entity_key, hostname=None, principals='root'):
 text_file.write(auth_key)
 with open(pub_file, "w", 0o644) as text_file:
 text_file.write(entity_key)
- args = ['ssh-keygen', '-P "pinot"', '-s', ca_file, '-I testID', '-V',
- '-1d:+365d', '-n']
+ args = ['ssh-keygen', '-s', ca_file, '-I', 'testID', '-V',
+ '-1d:+365d']
 if hostname is None:
- args.extend(['"' + principals + '"', pub_file])
+ args.extend(['-n', principals, pub_file])
 else:
- args.extend([hostname, '-h', pub_file])
+ args.extend(['-h', pub_file])
 print subprocess.check_output(args, stderr=subprocess.STDOUT)
 # Read the contents of the certificate file
 cert = ''
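Review bot: The private key in scripts/get_user_cert.py is still created by `open(keyfile, 'w')` with umask-default permissions and only tightened afterwards by the added `os.chmod(keyfile, 0600)`, so there is a short window in which the key can be readable by other local users. Creating the file with the restrictive mode closes that window: `fd = os.open(keyfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f: f.write(keytxt)`; keep the chmod for the case where the file already exists with looser permissions, since the mode passed to os.open applies only on creation. The literal `0600` is Python 2-only octal syntax, while `0o600` is accepted by Python 2.6+ and 3. The hunk does not show an `import os`, so confirm the module is imported at the top of the script.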
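Review bot: In generateCert (tatu/utils.py), the host branch now signs with `['-h', pub_file]` and no `-n`, so `hostname` is only compared with None and never reaches ssh-keygen; a certificate issued without principals is valid for any host name, which looks unintended for a per-host certificate. Passing it explicitly would restore the restriction: `args.extend(['-h', '-n', hostname, pub_file])`. The key identity is still the fixed string `'testID'` for every certificate; sshd logs that identity, so deriving it from the entity being certified would make log entries and revocation attributable. Separately, in the context line `open(pub_file, "w", 0o644)` the third positional argument of the built-in open() is the buffering size, not a file mode, so it does not set permissions. The function starts and ends outside this hunk.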