diff --git a/Dockerfile b/Dockerfile
index fa467fd..e0fdc70 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,12 +4,18 @@ MAINTAINER "f "
 ENV BORG_HOST_ID borg
 ENV BORG_PASSPHRASE ""
 ENV KEEP 30
-
-COPY ./monit.conf /etc/monit.d/borg.conf
-COPY ./backup.sh /usr/local/bin/backup
-RUN chmod 755 /usr/local/bin/backup
+ENV SSH_ALIAS ""
+ENV SSH_SERVER ""
+ENV SSH_USER root
+ENV SSH_PORT 22
 RUN apk add --no-cache borgbackup
+COPY ./monit.conf /etc/monit.d/borg.conf
+COPY ./backup.sh /usr/local/bin/backup
+COPY ./ssh_config /root/.ssh/config
+RUN chmod 755 /usr/local/bin/backup
+RUN chmod -R u=rX,g=,o= /root/.ssh
+
 VOLUME /srv/data
 VOLUME /srv/backups
diff --git a/backup.sh b/backup.sh
index 9f575af..02f9af6 100644
--- a/backup.sh
+++ b/backup.sh
@@ -3,18 +3,29 @@ set -e
 # Password can't be empty
 test -n "${BORG_PASSPHRASE}"
+test -n "${DEST}"
+test -n "${SSH_ALIAS}"
-date="$(date +%F)"
-orig=/srv/data
-dest=/srv/backups
+DATE="$(date +%F)"
+ORIG=/srv/data
-# Let other users have read access, since the backup is encrypted
-# anyway. This allows for synchronization from other containers.
-umask 0022
+if ! grep -q "${SSH_ALIAS}" /root/.ssh/config ; then
+ echo "Host ${SSH_ALIAS}" >> /root/.ssh/config
+ echo " Port ${SSH_PORT:-22}" >> /root/.ssh/config
+ echo " HostName ${SSH_SERVER:-${SSH_ALIAS}}" >> /root/.ssh/config
+ echo " User ${SSH_USER:-root}" >> /root/.ssh/config
+ echo " IdentityFile ${ORIG}/id_ed25519" >> /root/.ssh/config
+fi
-test -f "${dest}/config" || borg init --encryption=repokey "${dest}"
+ssh -fN ${SSH_ALIAS}
-borg create -v --stats "${dest}::${date}" "${orig}"
-borg prune -v --stats --keep-daily ${KEEP} "${dest}"
+for signal in TERM QUIT HUP EXIT INT KILL; do
+ trap "ssh -O exit \"${SSH_ALIAS}\"" ${signal}
+done
+
+# It'll fail the second time
+borg init --encryption=repokey "${SSH_ALIAS}:${DEST}" || :
+borg create -v --stats "${SSH_ALIAS}:${DEST}::${DATE}" "${ORIG}"
+borg prune -v --stats --keep-daily ${KEEP} "${SSH_ALIAS}:${DEST}"
 exit $?
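Review bot: In the Dockerfile hunk, `RUN chmod -R u=rX,g=,o= /root/.ssh` leaves `/root/.ssh/config` with no write bit, yet backup.sh in this same commit appends the `Host` stanza to that file on first run. The append succeeds only because root bypasses file-mode checks, so it will presumably fail (and abort the script under `set -e`) if the container is started with capabilities dropped or as a non-root user. Either give the owner write access with `RUN chmod -R u=rwX,g=,o= /root/.ssh`, or keep the shipped file read-only and stop modifying it at runtime. A short comment above the `chmod` saying which of the two is intended would help whoever hardens the container later.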
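Review bot: In the backup.sh hunk, the generated stanza sets `IdentityFile ${ORIG}/id_ed25519`, and `${ORIG}` (/srv/data) is also the tree handed to `borg create`, so the SSH private key that authenticates to the backup server is copied into every archive. Keep the key outside the backed-up volume, or at least add `--exclude "${ORIG}/id_ed25519"` to the `borg create` line. Separately, `grep -q "${SSH_ALIAS}"` is an unanchored regex match against a file that already contains words such as `ControlMaster auto`, so some alias values match by accident and the stanza is silently skipped; `grep -qxF "Host ${SSH_ALIAS}"` matches the exact line instead. The alias is also unquoted in `ssh -fN ${SSH_ALIAS}`; `ssh -fN -- "${SSH_ALIAS}"` keeps a value beginning with `-` from being parsed as an option.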
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..eafda2b
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,7 @@
+Host *
+ Protocol 2
+ ControlMaster auto
+ ControlPath /tmp/ssh-%r@%h:%p
+ VerifyHostKeyDNS yes
+ HashKnownHosts yes
+ StrictHostKeyChecking ask
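Review bot: `ControlPath /tmp/ssh-%r@%h:%p` puts the multiplexing socket in a world-writable directory under a predictable name, whereas ssh_config(5) recommends a directory that other users cannot write to. The Dockerfile in this commit already makes `/root/.ssh` owner-only, so `ControlPath ~/.ssh/cm-%r@%h:%p` would be the safer choice. Also, `StrictHostKeyChecking ask` cannot be answered when backup.sh runs without a terminal, and no `known_hosts` file is shipped, so the first connection will presumably fail unless a DNSSEC-validated SSHFP record exists. Provisioning `known_hosts` and setting `StrictHostKeyChecking yes` would make the host-key trust decision explicit rather than something operators are tempted to loosen.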