diff --git a/renewkeys.sh b/renewkeys.sh
new file mode 100644
index 0000000..e8789bb
--- /dev/null
+++ b/renewkeys.sh
@@ -0,0 +1,207 @@
+#!/bin/bash
+NO_FORMAT="\e[0m"
+F_BOLD="\e[1m"
+C_GREEN="\e[38;5;40m"
+C_RED="\e[38;5;9m"
+C_YELLOW="\033[38;5;226m"
+USER=$(getent passwd 1000 | cut -d: -f1)
+PC=$(uname -n | awk '{print $1}')
+
+guardband() {
+if [ $? -ne 0 ]; then
+echo -e "${C_YELLOW}Cleaning up temp directory for checksums...${NO_FORMAT}"
+rm -rf /.SSH/.temp
+sleep 2
+echo -e "${C_RED}Script Exited with an Error.${NO_FORMAT}"
+exit 1
+fi
+}
+
+verifycdn(){
+CDN="https://cdn.franscorack.com"
+echo -e "${C_YELLOW}Verifying CDN availability...${NO_FORMAT}"
+if ! wget --spider "$CDN" 2>/dev/null; then
+ echo -e "${C_RED}Error: Cannot reach CDN for checksum verification - ${F_BOLD}Are you connected on the Internet ? / Is the CDN down ?${NO_FORMAT}"
+ echo -e "${C_RED}Key-renewal script can only be ran if $CDN is reachable. Script Halted. ${NO_FORMAT}"
+ return 1
+ else
+ echo -e "${C_GREEN}CDN available for checksum downloads - ${F_BOLD}Proceeding...${NO_FORMAT}"
+ sleep 2
+fi
+}
+
+downloadpub(){
+wget -q https://cdn.franscorack.com/chksum/sshprov/pub -O /.SSH/.temp/pub
+if [ $? -ne 0 ]; then
+ echo -e "${C_RED}Download error: CDN reported error in file download${NO_FORMAT}"
+ return 1
+fi
+}
+
+downloadpriv(){
+wget -q https://cdn.franscorack.com/chksum/sshprov/priv -O /.SSH/.temp/priv
+if [ $? -ne 0 ]; then
+ echo -e "${C_RED}Download error: CDN reported error in file download${NO_FORMAT}"
+ return 1
+fi
+}
+
+rootcheck(){
+serversidePRIV=$(cat /.SSH/.temp/priv | awk '{print $1}')
+serversidePUB=$(cat /.SSH/.temp/pub | awk '{print $1}')
+rootPRIV=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
+rootPUB=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
+
+echo Root User Check:
+if [ "$rootPRIV" = "$serversidePRIV" ]
+then
+ echo -e "${C_GREEN}Private Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
+ chmod 700 /root/.ssh
+ chmod 600 /root/.ssh/id_ed25519
+ else
+ echo -e "${C_RED}Private Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
+ sleep 2
+ rm /root/.ssh/id_ed25519
+ cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /root/.ssh/id_ed25519
+ echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
+ chmod 700 /root/.ssh
+ chmod 600 /root/.ssh/id_ed25519
+ echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
+ systemctl restart sshd
+ echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
+ sleep 3
+ rootPRIV2=$(sha256sum /root/.ssh/id_ed25519 | awk '{print $1}')
+ if [ "$rootPRIV2" = "$serversidePRIV" ]
+ then
+ echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
+ else
+ echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
+ return 1
+ fi
+fi
+if [ "$rootPUB" = "$serversidePUB" ]
+then
+ echo -e "${C_GREEN}Public Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
+ chmod 700 /root/.ssh
+ chmod 600 /root/.ssh/authorized_keys
+ else
+ echo -e "${C_RED}Public Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
+ sleep 2
+ rm /root/.ssh/authorized_keys
+ cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /root/.ssh/authorized_keys
+ echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
+ chmod 700 /root/.ssh
+ chmod 600 /root/.ssh/authorized_keys
+ echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
+ systemctl restart sshd
+ echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
+ sleep 3
+ rootPUB2=$(sha256sum /root/.ssh/authorized_keys | awk '{print $1}')
+ if [ "$rootPUB2" = "$serversidePUB" ]
+ then
+ echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
+ else
+ echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
+ return 1
+ fi
+fi
+}
+
+admincheck(){
+adminPRIV=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
+adminPUB=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
+echo Admin User Check:
+if [ "$adminPRIV" = "$serversidePRIV" ]
+then
+ echo -e "${C_GREEN}Private Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
+ chmod 700 /home/$USER/.ssh
+ chmod 600 /home/$USER/.ssh/id_ed25519
+ chown $USER -R /home/$USER/.ssh
+ else
+ echo -e "${C_RED}Private Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
+ sleep 2
+ rm /home/$USER/.ssh/id_ed25519
+ cp --no-preserve=mode,ownership /.SSH/automated/priv/servers/id_ed25519 /home/$USER/.ssh/id_ed25519
+ echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
+ chmod 700 /home/$USER/.ssh
+ chmod 600 /home/$USER/.ssh/id_ed25519
+ chown $USER -R /home/$USER/.ssh
+ echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
+ systemctl restart sshd
+ echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
+ sleep 3
+ adminPRIV2=$(sha256sum /home/$USER/.ssh/id_ed25519 | awk '{print $1}')
+ if [ "$adminPRIV2" = "$serversidePRIV" ]
+ then
+ echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
+ else
+ echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
+ return 1
+ fi
+fi
+if [ "$adminPUB" = "$serversidePUB" ]
+then
+ echo -e "${C_GREEN}Public Keys Checksum against Server - ${F_BOLD}OK${NO_FORMAT} ${C_GREEN}- No action needed${NO_FORMAT}"
+ chmod 700 /home/$USER/.ssh
+ chmod 600 /home/$USER/.ssh/authorized_keys
+ chown $USER -R /home/$USER/.ssh
+ else
+ echo -e "${C_RED}Public Keys Checksum against Server - ${F_BOLD}MISMATCH${NO_FORMAT} ${C_RED}- Provisioning... ${NO_FORMAT}"
+ sleep 2
+ rm /home/$USER/.ssh/authorized_keys
+ cp --no-preserve=mode,ownership /.SSH/automated/pub/servers/id_ed25519.pub /home/$USER/.ssh/authorized_keys
+ echo -e ${C_YELLOW}'key data from server -> local store'${NO_FORMAT}
+ chmod 700 /home/$USER/.ssh
+ chmod 600 /home/$USER/.ssh/authorized_keys
+ chown $USER -R /home/$USER/.ssh
+ echo -e ${C_YELLOW}'chmod -> local store'${NO_FORMAT}
+ systemctl restart sshd
+ echo -e ${C_YELLOW}'sshd restart'${NO_FORMAT}
+ sleep 3
+ adminPUB2=$(sha256sum /home/$USER/.ssh/authorized_keys | awk '{print $1}')
+ if [ "$adminPUB2" = "$serversidePUB" ]
+ then
+ echo -e "${C_GREEN}${F_BOLD}CHECKSUM OK - PROVISION SUCCESS${NO_FORMAT}"
+ else
+ echo -e "${C_RED}${F_BOLD}CHECKSUM MISMATCH - MANUAL INTERVENTION REQUIRED${NO_FORMAT}"
+ return 1
+ fi
+fi
+}
+
+if [ "$UID" -ne 0 ]; then
+ echo -e "${C_RED}This script must be run as root.${NO_FORMAT}"
+ exit 1
+fi
+echo -e ${C_YELLOW}Warning: running this script resets known_hosts file. Abort this script using CTRL+C if you want to avoid that.${NO_FORMAT}
+sleep 3
+rm /home/$USER/.ssh/known_hosts
+rm /root/.ssh/known_hosts
+mkdir /.SSH/.temp
+if [ "$PC" = "pve01" ]
+then
+verifycdn
+guardband
+downloadpub
+guardband
+downloadpriv
+guardband
+rootcheck
+guardband
+else
+verifycdn
+guardband
+downloadpub
+guardband
+downloadpriv
+guardband
+rootcheck
+guardband
+admincheck
+guardband
+fi
+sleep 3
+echo -e "${C_YELLOW}Cleaning up temp directory for checksums...${NO_FORMAT}"
+rm -rf /.SSH/.temp
+sleep 2
+echo -e "${C_GREEN}Script execution completed.${NO_FORMAT}"
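Review bot: In rootcheck and admincheck the mismatch branch runs `rm /root/.ssh/id_ed25519` (and the `/home/$USER` equivalents) before `cp --no-preserve=mode,ownership /.SSH/automated/...`, and the cp's exit status is never checked, so if `/.SSH/automated` is absent or unreadable the host is left with no key and the `MANUAL INTERVENTION REQUIRED` branch only reports it after the damage is done. The comparison value is also taken straight from `awk '{print $1}'` on the downloaded file, so a zero-byte body or an error page produces a string that can never match and steers every run into that destructive path; guard it at the top of rootcheck with `[[ "$serversidePRIV" =~ ^[0-9a-f]{64}$ && "$serversidePUB" =~ ^[0-9a-f]{64}$ ]] || return 1`. Replace each rm+cp pair with `install -m 600 -o root -g root /.SSH/automated/priv/servers/id_ed25519 /root/.ssh/id_ed25519 || return 1` (`-o "$USER"` for the admin copies) so the existing key survives a failed copy, and quote `$USER` everywhere: `getent passwd 1000` leaves it empty on a host with no UID-1000 account, and nothing checks that before `rm /home/$USER/.ssh/known_hosts` runs. Separately, the unconditional `rm .../known_hosts` for both accounts discards all host-key trust and turns the next connection to every host into trust-on-first-use; if the intent is only to drop stale entries for re-keyed hosts, `ssh-keygen -R <host>` is the narrower tool. The `systemctl restart sshd` after replacing the client private key id_ed25519 also appears unnecessary, since sshd does not consume that file.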