diff --git a/.env.example b/.env.example
index 7e66199..f06184f 100644
--- a/.env.example
+++ b/.env.example
@@ -1,7 +1,7 @@
 # Copy to .env and adjust
-DJANGO_SECRET_KEY=dev-insecure-change-me
+DJANGO_SECRET_KEY=sdfgdghfdhfdhgfhgfh****
 DJANGO_DEBUG=1
 ALLOWED_HOSTS=127.0.0.1,localhost
-SSH_KEY_DIR=/home/youruser/.ssh
-KNOWN_HOSTS_PATH=/home/youruser/.ssh/known_hosts
+SSH_KEY_DIR=/home/cbuki/.ssh
+KNOWN_HOSTS_PATH=/home/cbuki/.ssh/known_hosts
 STRICT_HOST_KEY_CHECKING=true
diff --git a/setup-ssh-access.sh b/setup-ssh-access.sh
new file mode 100755
index 0000000..367790d
--- /dev/null
+++ b/setup-ssh-access.sh
@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+# setup-ssh-access.sh
+# Benutzung:
+#   ./setup-ssh-access.sh user@host[:port] [--key ~/.ssh/id_rsa] [--remote-gen]
+#
+# Beispiele:
+#   ./setup-ssh-access.sh alice@example.com
+#   ./setup-ssh-access.sh alice@example.com:2222 --key ~/.ssh/my_rsa --remote-gen
+
+set -euo pipefail
+
+# Defaults
+KEY_PRIV="${HOME}/.ssh/id_rsa"
+KEY_PUB="${KEY_PRIV}.pub"
+REMOTE=""
+PORT=""
+REMOTE_GEN=false
+
+usage() {
+  cat <<EOF
+Usage: $0 user@host[:port] [--key /path/to/key] [--remote-gen]
+
+--key / -k   : private key path (default: ~/.ssh/id_rsa). The script will look for the .pub next to it.
+--remote-gen : if set, the script will also generate (~/.ssh/id_rsa) on the remote account if missing.
+EOF
+  exit 1
+}
+
+# simple arg parse
+if [ $# -lt 1 ]; then usage; fi
+
+# first arg is remote
+REMOTE_ARG="$1"
+shift || true
+
+# parse user@host[:port]
+if [[ "$REMOTE_ARG" =~ ^([^@]+@[^:]+):?([0-9]+)?$ ]]; then
+  REMOTE="${BASH_REMATCH[1]}"
+  if [ -n "${BASH_REMATCH[2]}" ]; then
+    PORT="${BASH_REMATCH[2]}"
+  fi
+else
+  echo "Ungültiger Ziel-Host: $REMOTE_ARG"
+  usage
+fi
+
+# handle rest params
+while (( "$#" )); do
+  case "$1" in
+    --key|-k)
+      shift
+      KEY_PRIV="${1:-}"
+      KEY_PUB="${KEY_PRIV}.pub"
+      ;;
+    --remote-gen)
+      REMOTE_GEN=true
+      ;;
+    --help|-h)
+      usage
+      ;;
+    *)
+      echo "Unbekannter Parameter: $1"
+      usage
+      ;;
+  esac
+  shift || true
+done
+
+SSH_OPTS=()
+if [ -n "$PORT" ]; then
+  SSH_OPTS+=("-p" "$PORT")
+fi
+# reduce interactive host key prompt on modern OpenSSH; accept-new allows first-time add.
+SSH_OPTS+=("-o" "StrictHostKeyChecking=accept-new" "-o" "UserKnownHostsFile=${HOME}/.ssh/known_hosts")
+
+echo "Ziel: $REMOTE ${PORT:+Port=$PORT}"
+echo "Schlüssel (priv): $KEY_PRIV"
+echo "Schlüssel (pub) : $KEY_PUB"
+$REMOTE_GEN && echo "Remote key generation: aktiviert"
+
+# 1) lokal: existenz prüfen, ggf. erzeugen
+if [ ! -f "$KEY_PUB" ]; then
+  echo "Lokaler Public-Key fehlt. Erzeuge RSA 4096 ohne Passphrase: $KEY_PRIV"
+  mkdir -p "$(dirname "$KEY_PRIV")"
+  # Achtung: erzeugt key ohne passphrase (-N "")
+  ssh-keygen -t rsa -b 4096 -f "$KEY_PRIV" -C "$(whoami)@$(hostname)-$(date +%Y%m%d)" -N "" || {
+    echo "ssh-keygen fehlgeschlagen."; exit 2;
+  }
+else
+  echo "Lokaler Public-Key vorhanden: $KEY_PUB"
+fi
+
+# 2) optional: entfernten Account Schlüssel erzeugen (nur falls --remote-gen)
+if [ "$REMOTE_GEN" = true ]; then
+  echo "Prüfe / erzeuge SSH-Key auf entfernten Benutzerkonto (falls nicht vorhanden)..."
+  # Erzeuge mit -f ~/.ssh/id_rsa ohne Passphrase falls nicht existiert.
+  ssh "${SSH_OPTS[@]}" "$REMOTE" bash -s <<'REMOTE_CMD'
+set -e
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+if [ ! -f ~/.ssh/id_rsa ]; then
+  echo "ssh-key auf remote nicht gefunden -> erzeuge ~/.ssh/id_rsa (ohne passphrase)"
+  ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" -C "$(whoami)@$(hostname)-remote" || exit 1
+else
+  echo "Remote bereits mit Schlüsselpaar ausgestattet: ~/.ssh/id_rsa existiert"
+fi
+REMOTE_CMD
+fi
+
+# 3) Schlüssel auf remote kopieren: bevorzugt ssh-copy-id falls installiert
+if command -v ssh-copy-id >/dev/null 2>&1; then
+  echo "Benutze ssh-copy-id (falls verfügbar) um Public Key zu kopieren..."
+  # ssh-copy-id erwartet die public key (handle port)
+  if [ -n "$PORT" ]; then
+    # ssh-copy-id hat -p, aber auf manchen Plattformen nicht; fallback per SSH+cat
+    if ssh-copy-id -p "$PORT" -i "$KEY_PUB" "${REMOTE}" >/dev/null 2>&1; then
+      echo "ssh-copy-id erfolgreich."
+    else
+      echo "ssh-copy-id mit -p schlug fehl oder ist nicht kompatibel -> fallback"
+      # fallthrough to manual method below
+      COPY_FALLBACK=true
+    fi
+  else
+    if ssh-copy-id -i "$KEY_PUB" "${REMOTE}"; then
+      echo "ssh-copy-id erfolgreich."
+      COPY_FALLBACK=false
+    else
+      echo "ssh-copy-id schlug fehl -> fallback"
+      COPY_FALLBACK=true
+    fi
+  fi
+else
+  COPY_FALLBACK=true
+fi
+
+# 4) fallback: sichere Methode: auf remote ~/.ssh anlegen und Datei anhängen
+if [ "${COPY_FALLBACK:-true}" = true ]; then
+  echo "Benutze Fallback: Public Key per SSH anhängen..."
+  # send public key content to remote and append to ~/.ssh/authorized_keys
+  # We use a safe here-doc redirection so permissions can be set server-side
+  ssh "${SSH_OPTS[@]}" "$REMOTE" "mkdir -p ~/.ssh && chmod 700 ~/.ssh && touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys" || {
+    echo "Fehler beim Erstellen von ~/.ssh auf Remote"; exit 3;
+  }
+
+  # Append (avoid duplicates)
+  PUB_CONTENT="$(cat "$KEY_PUB")"
+  # check duplicate and append only if not present
+  ssh "${SSH_OPTS[@]}" "$REMOTE" bash -s <<REMOTE_CHECK
+set -e
+AUTHORIZED="\$HOME/.ssh/authorized_keys"
+grep -qxF "$PUB_CONTENT" "\$AUTHORIZED" 2>/dev/null || echo "$PUB_CONTENT" >> "\$AUTHORIZED"
+chmod 600 "\$AUTHORIZED"
+REMOTE_CHECK
+fi
+
+echo "Fertig. Versuche, dich mit dem neuen Key einzuloggen:"
+echo "  ssh ${PORT:+-p $PORT }$REMOTE"
+echo "Hinweis: Falls du eine Passphrase möchtest, kannst du die lokale Key mit ssh-keygen -p ändern."
+
+exit 0