diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6cab8b1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+
+    # Use phusion/baseimage as base image. To make your builds reproducible, make
+    # sure you lock down to a specific version, not to `latest`!
+    FROM phusion/baseimage:<VERSION>
+    
+    # Remove authentication rights for insecure_key.
+    RUN rm -f /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys
+    
+    # Use baseimage-docker's init process.
+    CMD ["/sbin/my_init"]
+    
+    # ...put other build instructions here...
+    
+    # Clean up APT when done.
+    RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
diff --git a/image/cleanup.sh b/image/cleanup.sh
index a7f92fd..c4d76bf 100755
--- a/image/cleanup.sh
+++ b/image/cleanup.sh
@@ -4,5 +4,5 @@ source /build/buildconfig
 set -x
 
 apt-get clean
-rm -rf /var/lib/apt/lists/*
 rm -rf /build
+rm -rf /tmp/* /var/tmp/*
diff --git a/image/system_services.sh b/image/system_services.sh
index a612e1e..3030dac 100755
--- a/image/system_services.sh
+++ b/image/system_services.sh
@@ -22,9 +22,7 @@ cp /build/runit/sshd /etc/service/sshd/run
 cp /build/config/sshd_config /etc/ssh/sshd_config
 
 ## Install default SSH key for root and app.
-mkdir -p /root/.ssh /home/app/.ssh
-chmod 700 /root/.ssh /home/app/.ssh
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
 chown root:root /root/.ssh
-chown app:app /home/app/.ssh
 cat /build/insecure_key.pub > /root/.ssh/authorized_keys
-cat /build/insecure_key.pub > /home/app/.ssh/authorized_keys