diff --git a/readme-vars.yml b/readme-vars.yml
index 1c49ea6..84ed2f2 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -47,6 +47,7 @@ app_setup_block: |
   How to create the [hashed password](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#can-i-store-my-password-hashed).
 # changelog
 changelogs:
+  - {date: "09.10.24:", desc: "Manage permissions in /config/.ssh according to file type"}
   - {date: "19.08.24:", desc: "Rebase to Ubuntu Noble."}
   - {date: "01.07.23:", desc: "Deprecate armhf. As announced [here](https://www.linuxserver.io/blog/a-farewell-to-arm-hf)"}
   - {date: "05.10.22:", desc: "Install recommended deps to maintain parity with the older images."}
diff --git a/root/etc/s6-overlay/s6-rc.d/init-code-server/run b/root/etc/s6-overlay/s6-rc.d/init-code-server/run
index 883024d..e0c1323 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-code-server/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-code-server/run
@@ -31,5 +31,7 @@ find /config -path /config/workspace -prune -o -exec chown abc:abc {} +
 chown abc:abc /config/workspace
 chmod 700 /config/.ssh
 if [[ -n "$(ls -A /config/.ssh)" ]]; then
-    chmod 600 /config/.ssh/*
+    find /config/.ssh/ -type d -exec chmod 700 '{}' \;
+    find /config/.ssh/ -type f -exec chmod 600 '{}' \;
+    find /config/.ssh/ -type f -iname '*.pub' -exec chmod 644 '{}' \;
 fi