diff --git a/README.md b/README.md
index c8ca7c6..abb16e9 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,17 @@ scp -p ~/.ssh/id_ed25519.pub tici:.ssh/authorized_keys
 Note: Doing the OpenPilot install removes these keys, apparently.
 
 
+Notes on SSH keys before OpenPilot is installed:
+
+
+```
+root@tici:~# grep ^AuthorizedKeysFile /etc/ssh/sshd_config
+AuthorizedKeysFile /data/params/d/GithubSshKeys
+root@tici:~# cat /data/params/d/GithubSshKeys
+from="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+iXXq30Tq+J5NKat3KWHCzcmwZ55nGh6WggAqECa5CasBlM9VeROpVu3beA+5h0MibRgbD4DMtVXBt6gEvZ8nd04E7eLA9LTZyFDZ7SkSOVj4oXOQsT0GnJmKrASW5KslTWqVzTfo2XCtZ+004ikLxmyFeBO8NOcErW1pa8gFdQDToH9FrA7kgysic/XVESTOoe7XlzRoe/eZacEQ+jtnmFd21A4aEADkk00Ahjr0uKaJiLUAPatxs2icIXWpgYtfqqtaKF23wSt61OTu6cAwXbOWr3m+IUSRUO0IRzEIQS3z1jfd1svgzSgSSwZ1Lhj4AoKxIEAIc8qJrO4uymCJ public
+```
+
+
 Another way to do this would be to hijack DNS on your own wifi to intercept
 the Comma Three's connection to github, then redirect the connection to
 your own server. It depends if it barfs on the SSL or not.