diff --git a/ansible/roles/podman/tasks/containers/cloud-backup.yml b/ansible/roles/podman/tasks/containers/cloud-backup.yml
index b4db6c1..00bd37d 100644
--- a/ansible/roles/podman/tasks/containers/cloud-backup.yml
+++ b/ansible/roles/podman/tasks/containers/cloud-backup.yml
@@ -1,12 +1,22 @@
 ---
+- name: create backup SSH key directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/ssh/backup_keys
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
 - name: deploy {{ backup_name }} backup SSH key
   become: true
   ansible.builtin.copy:
     content: "{{ ssh_key_content }}"
-    dest: "/root/.ssh/truenas_{{ backup_name }}"
+    dest: "{{ ssh_key_path }}"
     owner: root
     group: root
     mode: 0600
+    setype: ssh_home_t
 
 - name: template {{ backup_name }} backup script
   become: true
@@ -16,6 +26,7 @@
     owner: root
     group: root
     mode: 0755
+    setype: bin_t
 
 - name: template {{ backup_name }} backup systemd service
   become: true
diff --git a/ansible/roles/podman/tasks/containers/home/cloud.yml b/ansible/roles/podman/tasks/containers/home/cloud.yml
index 215da89..0dddc81 100644
--- a/ansible/roles/podman/tasks/containers/home/cloud.yml
+++ b/ansible/roles/podman/tasks/containers/home/cloud.yml
@@ -88,8 +88,8 @@
   vars:
     backup_name: cloud
     data_path: "{{ cloud_path }}/data"
-    ssh_key_path: /root/.ssh/truenas_cloud
+    ssh_key_path: /etc/ssh/backup_keys/cloud
     ssh_key_content: "{{ cloud_backup_ssh_key }}"
     ssh_user: cloud
     remote_path: /mnt/glacier/nextcloud
-    script_path: "{{ cloud_path }}/backup.sh"
+    script_path: /usr/local/bin/cloud-backup.sh
diff --git a/ansible/roles/podman/tasks/containers/skudak/cloud.yml b/ansible/roles/podman/tasks/containers/skudak/cloud.yml
index 6b6ca36..ab2df47 100644
--- a/ansible/roles/podman/tasks/containers/skudak/cloud.yml
+++ b/ansible/roles/podman/tasks/containers/skudak/cloud.yml
@@ -135,8 +135,8 @@
   vars:
     backup_name: skudak-cloud
     data_path: "{{ cloud_skudak_path }}/data"
-    ssh_key_path: /root/.ssh/truenas_skudak
+    ssh_key_path: /etc/ssh/backup_keys/skudak-cloud
     ssh_key_content: "{{ cloud_skudak_backup_ssh_key }}"
     ssh_user: skucloud
     remote_path: /mnt/glacier/skudakcloud
-    script_path: "{{ cloud_skudak_path }}/backup.sh"
+    script_path: /usr/local/bin/skudak-cloud-backup.sh