diff --git a/cdist/conf/type/__ssh_authorized_keys/gencode-remote b/cdist/conf/type/__ssh_authorized_keys/gencode-remote
index cc86cc19..7fcb59c6 100755
--- a/cdist/conf/type/__ssh_authorized_keys/gencode-remote
+++ b/cdist/conf/type/__ssh_authorized_keys/gencode-remote
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2012 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2012-2013 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -24,7 +24,7 @@ if [ -f "$__object/parameter/file" ]; then
 else
    home="$(cut -d':' -f 6 "$__object/explorer/passwd")"
    file="$home/.ssh/authorized_keys"
-fi 
+fi
 
 entry="$__object/files/entry"
 if [ ! -s "$__object/explorer/entry" ]; then
@@ -47,7 +47,9 @@ remove_entry() {
    prefix="#cdist:$__object_name"
    suffix="#/cdist:$__object_name"
    cat << DONE
-tmpfile=\$(mktemp)
+tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+# preserve ownership and permissions by copying existing file over tmpfile
+cp -p "$file" "\$tmpfile"
 awk -v prefix="$prefix" -v suffix="$suffix" '
 {
    if (index(\$0,prefix)) {