diff --git a/README.md b/README.md
index 506c178..98b881b 100644
--- a/README.md
+++ b/README.md
@@ -7,3 +7,35 @@
 * guacamole-postgres-user
 * local-docker-registry
 * registry-password
+
+## using ssh keys
+
+guacamole does *not* work with the standard openssh format for private keys.  ie:
+
+```
+-----BEGIN OPENSSH PRIVATE KEY-----
+[key goes here]
+-----END OPENSSH PRIVATE KEY-----
+```
+
+you need to generate the public/private key pair using:
+
+```shell
+ssh-keygen -m pem
+```
+
+this will give you a private key that looks like:
+
+
+```
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: [dec info goes here]
+
+[key goes here]
+-----END RSA PRIVATE KEY-----
+```
+
+then on the target machine you need to paste the *public* key into the file /home/[user]/.ssh/authorized_keys
+
+and the *private* key into the configuration for the guacamole connection
\ No newline at end of file