diff --git a/Dockerfile b/Dockerfile
index 86ac240..fb7a65c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 FROM nginx:mainline-alpine
 # Install hugo
-RUN apk add hugo git
+RUN apk add hugo git openssh bash
 # Copy over auxiliary scripts
-COPY aux/* /docker-entrypoint.d/
+COPY aux /aux
+COPY init/* /docker-entrypoint.d/
diff --git a/README.md b/README.md
index 4d34e82..0944727 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,12 @@ If you store your blog data in a git repository, run the container with env `REP
 The repository will be pulled and built every 10 minutes.
+#### SSH URLs
+
+If you specify a SSH URL (`ssh:// ...`) for your repository, the host key will be automatically pulled and added as trusted host. Make sure to double-check those host keys with your git server - although a [MITM](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/) scenario is unlikely and won't pose a big risk in the case of blogker. [YMMV](https://www.urbandictionary.com/define.php?term=ymmv), but still, this may be a security risk in some cases.
+
+If you want to pull private repositories, you may need to generate a SSH key for this purpose, and hand in the private key file, e.g. via `-v ./id_rsa:/root/.ssh/id_rsa`.
+
 ### Passthrough via Bind
 To just use a specific directory as the hugo blog contents, run the container with the repository passed through as bind directory:
diff --git a/init/check-ssh.sh b/init/check-ssh.sh
new file mode 100755
index 0000000..9818a9a
--- /dev/null
+++ b/init/check-ssh.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+SSH_GIT_URL_REGEX="^ssh:\/\/([^@]+@)?([a-z0-9\-\.]+)[:/].*$"
+
+if [[ "$REPO_URL" =~ $SSH_GIT_URL_REGEX ]]; then
+ echo "Detected SSH repo URL, importing host key"
+ ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts || exit 1
+fi
+
+/aux/pull-n-build.sh || exit 1
diff --git a/aux/cron.sh b/init/cron.sh
similarity index 65%
rename from aux/cron.sh
rename to init/cron.sh
index 6457cc6..c82bb2f 100755
--- a/aux/cron.sh
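Review bot: The new `RUN apk add hugo git openssh bash` leaves the apk index cache in the image layer and installs the whole `openssh` meta-package, which on Alpine pulls in the server components as well, even though the scripts added in this commit only need the client side (git over ssh and `ssh-keyscan`). Prefer `RUN apk add --no-cache bash git hugo openssh-client`, which keeps the image smaller and avoids shipping a daemon nothing here runs. The packages also remain unpinned, so two builds of the same Dockerfile can produce different binaries; pinning with `pkg=version-rN` would make rebuilds reproducible. The `FROM nginx:mainline-alpine` line is unchanged context, but note that it is a floating tag too.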
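Review bot: `ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts` trusts whatever key the network returns on every container start and appends it even when the operator has already supplied a pinned entry, so a mounted `known_hosts` cannot override the trust-on-first-use behaviour and the file gains one entry per restart. It also fails when `/root/.ssh` does not yet exist (for instance when no key is mounted there), because the directory is never created, and the host expansion is unquoted. The rewrite below creates the directory, scans only when `ssh-keygen -F` finds no existing entry for the host, and quotes the host; it does not address `ssh://host:port/` URLs, where the captured host would be scanned on port 22 because the regex discards the port, nor hostnames with upper-case letters, which the case-sensitive `[a-z0-9\-\.]+` class never matches. Documenting a pinned-`known_hosts` mount in the README next to the `id_rsa` hint would let operators avoid the unverified scan entirely.
```bash
# … unchanged: shebang and SSH_GIT_URL_REGEX …
if [[ "$REPO_URL" =~ $SSH_GIT_URL_REGEX ]]; then
  host="${BASH_REMATCH[2]}"
  mkdir -p /root/.ssh && chmod 700 /root/.ssh
  # Respect an operator-supplied (pinned) entry; only fall back to scanning when none exists.
  if ssh-keygen -F "$host" -f /root/.ssh/known_hosts > /dev/null 2>&1; then
    echo "Using existing known_hosts entry for $host"
  else
    echo "No pinned host key for $host, importing via ssh-keyscan (unverified, trust on first use)"
    ssh-keyscan "$host" >> /root/.ssh/known_hosts || exit 1
  fi
fi
# … unchanged: /aux/pull-n-build.sh call …
```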
+++ b/init/cron.sh
@@ -9,7 +9,7 @@ if [ "$BUILDFREQ" == "" ]; then
 fi
 # Run the pull script regularly
-echo "$BUILDFREQ * * * * /docker-entrypoint.d/pull-n-build.sh" >> /var/spool/cron/crontabs/root
+echo "$BUILDFREQ * * * * /aux/pull-n-build.sh" >> /var/spool/cron/crontabs/root
 # start cron daemon (goes into background)
 crond