diff --git a/README.md b/README.md
index 5ac4202..92ccfd2 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,12 @@ UseDNS option in sshd_config. The default is 'yes' on Linux.
 - *Default*: 'USE_DEFAULTS'
+sshd_config_authkey_location
+----------------------------
+Specify location of authorized_keys file. Default is to not specify.
+
+- *Default*: undef
+
 sshd_config_banner
 ------------------
 Banner option in sshd_config.
diff --git a/manifests/init.pp b/manifests/init.pp
index cab931f..4ac9ba0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -31,6 +31,7 @@ class ssh (
 $sshd_config_challenge_resp_auth = 'yes',
 $sshd_config_print_motd = 'yes',
 $sshd_config_use_dns = 'USE_DEFAULTS',
+ $sshd_config_authkey_location = undef,
 $sshd_config_banner = 'none',
 $sshd_banner_content = undef,
 $sshd_banner_owner = 'root',
@@ -348,6 +349,10 @@ class ssh (
 validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.")
 }
+ if $sshd_config_authkey_location != undef {
+ validate_string($sshd_config_authkey_location)
+ }
+
 case type($hiera_merge) {
 'string': {
 validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index c014bdc..61541b6 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -76,6 +76,7 @@ describe 'ssh' do
 it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
 it { 
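Review bot: `validate_string($sshd_config_authkey_location)` in the new guard of the @@ -348 hunk accepts the empty string and strings containing newlines, and the templates/sshd_config.erb hunk (`<% if @sshd_config_authkey_location -%>`) then emits the value verbatim because a non-nil String is truthy in Ruby — so `''` yields a bare `AuthorizedKeysFile` line with no argument, and a value with an embedded newline is written into sshd_config as an extra directive. A tighter check, `validate_re($sshd_config_authkey_location, '\A[^\n]+\z', "ssh::sshd_config_authkey_location must be a non-empty single line and is set to <${sshd_config_authkey_location}>.")`, rejects both while still allowing the space-separated multi-file and %-token forms sshd accepts. If this module still targets Puppet 3, where undef compares equal to the empty string, the `!= undef` guard would presumably also let `''` through unvalidated — worth confirming against the supported Puppet version. The enclosing class ssh starts and ends outside the hunk.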
@@ -184,6 +185,7 @@ describe 'ssh' do
 it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
 it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({
@@ -273,6 +275,7 @@ describe 'ssh' do
 it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
 it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({
@@ -361,6 +364,7 @@ describe 'ssh' do
 it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
 it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({
@@ -456,6 +460,7 @@ describe 'ssh' do
 it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
 it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({ 
@@ -551,6 +556,7 @@ describe 'ssh' do
 it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
 it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({
@@ -646,6 +652,7 @@ describe 'ssh' do
 it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
 it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
+ it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
 it { should contain_service('sshd_service').with({
@@ -753,6 +760,7 @@ describe 'ssh' do
 :sshd_use_pam => 'no',
 :sshd_client_alive_interval => '242',
 :sshd_client_alive_count_max => '0',
+ :sshd_config_authkey_location => '.ssh/authorized_keys',
 }
 end
@@ -791,6 +799,7 @@ describe 'ssh' do
 it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
 it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
 it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
+ it { should contain_file('sshd_config').with_content(/^AuthorizedKeysFile .ssh\/authorized_keys/) }
 it { should contain_file('sshd_banner').with({ 
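Review bot: The positive assertion added in the @@ -791 hunk, `/^AuthorizedKeysFile .ssh\/authorized_keys/`, is looser than the file's other content checks: the `.` is unescaped and there is no `$` anchor, so it would also match a rendered line such as `AuthorizedKeysFile Xssh/authorized_keys_old`. Tightening it to `/^AuthorizedKeysFile \.ssh\/authorized_keys$/` pins the rendered directive exactly, which matters because this is the only assertion in the diff that confirms the configured value reaches sshd_config unchanged. The enclosing describe block starts and ends outside the hunk.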
@@ -1034,6 +1043,22 @@ describe 'ssh' do
 end
 end
+ context 'with sshd_config_authkey_location set to invalid value on valid osfamily' do
+ let(:params) { { :sshd_config_authkey_location => false } }
+ let(:facts) do
+ { :fqdn => 'monkey.example.com',
+ :osfamily => 'RedHat',
+ :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+ }
+ end
+
+ it 'should fail' do
+ expect {
+ should contain_class('ssh')
+ }.to raise_error(Puppet::Error,/is not a string/)
+ end
+ end
+
 context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
 let(:params) { { :sshd_banner_content => 'textinbanner' } }
 let :facts do
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index a5f79e4..010374e 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -49,6 +49,9 @@ PermitRootLogin <%= @permit_root_login %>
 #RSAAuthentication yes
 #PubkeyAuthentication yes
 #AuthorizedKeysFile .ssh/authorized_keys
+<% if @sshd_config_authkey_location -%>
+AuthorizedKeysFile <%= @sshd_config_authkey_location %>
+<% end -%>
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 #RhostsRSAAuthentication no
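Review bot: The new context in the @@ -1034 hunk writes `let(:facts) do` while the neighbouring context shown in the same hunk uses `let :facts do`, and `raise_error(Puppet::Error,/is not a string/)` is missing the space after the comma; writing `let :facts do` and `raise_error(Puppet::Error, /is not a string/)` keeps the spec consistent with the surrounding style. The negative case only exercises `false`; since the only value that passes `validate_string` yet still produces an `AuthorizedKeysFile` line is the empty string, a second context for `''` would document which boundary the module intends. The enclosing describe block starts and ends outside the hunk.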