diff --git a/README.md b/README.md
index 15112c0..07797c2 100644
--- a/README.md
+++ b/README.md
@@ -578,7 +578,7 @@ Absolute path to the OpenSSH Host CA Certificate (HostCertificate) for use with
 sshd_config_trustedusercakeys
 -----------------------------
-Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users.
+Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users or the string 'none'.
 - *Default*: undefined
diff --git a/manifests/init.pp b/manifests/init.pp
index 861b68b..176a477 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -830,7 +830,10 @@ class ssh (
 }
 if $sshd_config_trustedusercakeys_real != undef {
- validate_absolute_path($sshd_config_trustedusercakeys_real)
+ # TrustedUserCAKeys may be a path to the keys or 'none'
+ if $sshd_config_trustedusercakeys_real != 'none' {
+ validate_absolute_path($sshd_config_trustedusercakeys_real)
+ }
 }
 package { $packages_real:
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index e421bbf..8522cf9 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -1040,7 +1040,7 @@ describe 'ssh' do
 end
 describe 'sshd_config_trustedusercakeys param' do
- ['unset', '/etc/ssh/authorized_users_ca.pub'].each do |value|
+ ['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
 context "set to #{value}" do
 let (:params) { { :sshd_config_trustedusercakeys => value } }
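Review bot: In manifests/init.pp the new `!= 'none'` guard is a case-insensitive string comparison in Puppet, so `'None'` or `'NONE'` also skip `validate_absolute_path`, while the README text and the added spec value cover only lowercase `'none'`. If only the literal keyword is meant to be accepted, and assuming the parameter is always a string, `if $sshd_config_trustedusercakeys_real !~ /\Anone\z/ {` keeps the path check for every other spelling. How the value is written into sshd_config is not visible in this diff, so that should be confirmed against the template. The added comment could also say what the keyword does, for example `# 'none' tells sshd to use no user CA file; any other value must be an absolute path`. The `class ssh` body starts and ends outside the hunk.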