diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup
index 028b85fdc..403709d26 100755
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -211,9 +211,7 @@ interfaces_loopback_configure();
 /* start syslogd */
 system_syslogd_start();
-echo "Starting Secure Shell Services...";
 mwexec("/usr/local/etc/rc.sshd");
-echo "done.\n";
 /* set up interfaces */
 mute_kernel_msgs();
@@ -370,5 +368,7 @@ if ($setup_installer) {
 $root['shell'] = '/usr/local/etc/rc.installer';
 $root['name'] = 'installer';
 local_user_set($root);
+
+ mwexec("/usr/local/etc/rc.sshd installer");
 }
 }
diff --git a/src/etc/rc.sshd b/src/etc/rc.sshd
index 2e5ce5f8c..9e9d3a00d 100755
--- a/src/etc/rc.sshd
+++ b/src/etc/rc.sshd
@@ -4,7 +4,7 @@
 /*
 Copyright (C) 2004 Scott K Ullrich
 Copyright (C) 2004 Fred Mol .
- Copyright (C) 2015 Franco Fichtner
+ Copyright (C) 2015-2016 Franco Fichtner
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -39,7 +39,18 @@ $etc_ssh = '/usr/local/etc/ssh';
 /* if run from a shell session, `-af' and the full path is needed */
 mwexecf('/bin/pkill -af %s', $sbin_sshd);
-if (!isset($config['system']['ssh']['enabled'])) {
+$sshcfg = null;
+
+if (isset($config['system']['ssh'])) {
+ if (isset($config['system']['ssh']['enabled'])) {
+ $sshcfg = $config['system']['ssh'];
+ }
+} elseif (count($argv) > 1 && $argv[1] == 'installer') {
+ /* only revert to installer config when ssh is not set at all */
+ $sshcfg = array( 'permitrootlogin' => 1, 'passwordauth' => 1);
+}
+
+if ($sshcfg === null) {
 return;
 }
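Review bot: In the `@@ -370,5 +368,7 @@` hunk of src/etc/rc.bootup, the added `mwexec("/usr/local/etc/rc.sshd installer");` brings up a network login service with no console output, and the first hunk of the same file removes the only `echo` lines that used to announce sshd. Installer mode in rc.sshd enables root login and password authentication, so the boot output should say that the machine is reachable over SSH in that state, for example `echo "Starting installer SSH access (root login, password auth)...\n";` just before the call. The enclosing `if ($setup_installer)` block starts outside the hunk, so the conditions under which this branch runs cannot be checked from here.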
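Review bot: In the `@@ -39,7 +39,18 @@` hunk of src/etc/rc.sshd, the installer fallback hard-codes `'permitrootlogin' => 1, 'passwordauth' => 1`, but its comment explains only when the fallback applies and not what it opens up. I would extend the comment to something like `/* installer mode: root login with password is enabled on purpose; only used when no ssh section exists in the config */`, and mention there that the visible part of the generated sshd_config sets no listening address. As a point of style, the argument test reads better as a strict comparison, `$argv[1] === 'installer'`, so that only the exact string selects this mode.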
@@ -73,21 +84,8 @@ foreach($keys as $name) {
 /* Login related files. */
 touch("/var/log/lastlog");
-if (isset($config['system']['ssh']['port'])) {
- $sshport = $config['system']['ssh']['port'];
-} else {
- $sshport = 22;
-}
+$sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22;
-/*
- * XXX ZOMG sshd_config BOOTSTRAPPING ACTION
- *
- * We can't just ditch the system file by default and roll
- * our own. Instead, use the current file to find the actual
- * settings that need toggling, then toggle them!
- */
-
-/* Include default configuration for OPNsense */
 $sshconf = "# This file was automatically generated by /usr/local/etc/rc.sshd\n";
 $sshconf .= "Port {$sshport}\n";
 $sshconf .= "Protocol 2\n";
@@ -98,10 +96,10 @@ $sshconf .= "UseDNS no\n";
 $sshconf .= "X11Forwarding no\n";
 $sshconf .= "PubkeyAuthentication yes\n";
 $sshconf .= "Subsystem\tsftp\tinternal-sftp\n";
-if (isset($config['system']['ssh']['permitrootlogin'])) {
+if (isset($sshcfg['permitrootlogin'])) {
 $sshconf .= "PermitRootLogin yes\n";
 }
-if (isset($config['system']['ssh']['passwordauth'])) {
+if (isset($sshcfg['passwordauth'])) {
 $sshconf .= "ChallengeResponseAuthentication yes\n";
 $sshconf .= "PasswordAuthentication yes\n";
 } else {
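Review bot: In the `@@ -73,21 +84,8 @@` hunk, `$sshport` is taken from `$sshcfg['port']` unchecked and interpolated into `"Port {$sshport}\n"`, so an empty or non-numeric value reaches sshd_config verbatim (`isset()` is true for an empty string). The removed code had the same gap, but the one-line rewrite is a natural place to close it: `$sshport = isset($sshcfg['port']) && ctype_digit((string)$sshcfg['port']) ? (int)$sshcfg['port'] : 22;`. A range check against 1–65535 could follow if the code that stores the value does not already enforce one, which is not visible from this hunk.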
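Review bot: In the `@@ -98,10 +96,10 @@` hunk, the `permitrootlogin` branch writes `PermitRootLogin yes` when the key is set and nothing otherwise, so the effective setting then depends on the sshd build's default, while the `passwordauth` branch right below it has an explicit `else`. Spelling out the negative case keeps the generated file self-describing: `} else { $sshconf .= "PermitRootLogin no\n"; }`. Both checks use `isset()`, so any stored value, including `0`, enables the option; the installer array's `=> 1` takes effect only through key presence. The `passwordauth` block continues past the end of the hunk.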