diff --git a/src/cli/one_helper/oneuser_helper.rb b/src/cli/one_helper/oneuser_helper.rb
index b481f9291b..a9acaf3d46 100644
--- a/src/cli/one_helper/oneuser_helper.rb
+++ b/src/cli/one_helper/oneuser_helper.rb
@@ -37,7 +37,7 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
                 return -1, "Can not read file: #{arg}"
             end
         else
-            if options[:plain]
+            if options[:plain] || options[:ssh]
                 password = arg.gsub(/\s/, '')
             else
                 password = Digest::SHA1.hexdigest(arg)
@@ -49,9 +49,11 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
 
     def password(options)
         if options[:ssh]
-            require 'ssh_auth'
+            if !options[:key]
+                return -1, "You have to specify the --key option"
+            end
 
-            options[:key] ||= ENV['HOME']+'/.ssh/id_rsa'
+            require 'ssh_auth'
 
             begin
                 sshauth = SshAuth.new(:private_key=>options[:key])
@@ -61,10 +63,14 @@ class OneUserHelper < OpenNebulaHelper::OneHelper
 
             return 0, sshauth.public_key
         elsif options[:x509]
-            require 'x509_auth'
-
             options[:cert] ||= ENV['X509_USER_CERT']
 
+            if !options[:cert]
+                return -1, "You have to specify the --cert option"
+            end
+
+            require 'x509_auth'
+
             begin
                 cert     = [File.read(options[:cert])]
                 x509auth = X509Auth.new(:certs_pem=>cert)
diff --git a/src/cli/oneuser b/src/cli/oneuser
index 43ffc13268..531db2b15e 100755
--- a/src/cli/oneuser
+++ b/src/cli/oneuser
@@ -139,20 +139,21 @@ cmd=CommandParser::CmdParser.new(ARGV) do
           oneuser create my_user my_password
           oneuser create my_user /tmp/mypass -r
           oneuser create my_user --ssh --key /tmp/id_rsa
+          oneuser create my_user --ssh -r /tmp/public_key
           oneuser create my_user --x509 --cert /tmp/my_cert.pem
     EOT
 
     command :create, create_desc, :username, [:password, nil],
             :options=>create_options do
-        if options[:ssh] or options[:x509]
+        if args[1]
+            pass = args[1]
+        else
             rc = helper.password(options)
             if rc.first == 0
                 pass = rc[1]
             else
                 exit_with_code *rc
             end
-        else
-            pass = args[1]
         end
 
         helper.create_resource(options) do |user|
@@ -175,6 +176,26 @@ cmd=CommandParser::CmdParser.new(ARGV) do
         helper.login(args[0], options)
     end
 
+    key_desc = <<-EOT.unindent
+        Generates a public key from a private SSH key
+    EOT
+
+    command :key, key_desc, :options=>[KEY] do
+        require 'ssh_auth'
+
+        options[:key] ||= ENV['HOME']+'/.ssh/id_rsa'
+
+        begin
+            sshauth = SshAuth.new(:private_key=>options[:key])
+        rescue Exception => e
+            exit_with_code -1, e.message
+        end
+
+        puts sshauth.public_key
+        exit_with_code 0
+    end
+
+
     delete_desc = <<-EOT.unindent
         Deletes the given User
     EOT