diff --git a/ic-os/components/guestos/selinux/ic-node/ic-node.fc b/ic-os/components/guestos/selinux/ic-node/ic-node.fc
index ca39bd45d275..31f040716a07 100644
--- a/ic-os/components/guestos/selinux/ic-node/ic-node.fc
+++ b/ic-os/components/guestos/selinux/ic-node/ic-node.fc
@@ -17,6 +17,8 @@
 /var/lib/admin                              -d gen_context(system_u:object_r:user_home_dir_t,s0)
 /var/lib/readonly                           -d gen_context(system_u:object_r:user_home_dir_t,s0)
 /var/lib/backup                             -d gen_context(system_u:object_r:user_home_dir_t,s0)
+/var/lib/recovery                           -d gen_context(system_u:object_r:user_home_dir_t,s0)
 /var/lib/admin/.ssh(/.*)?                      gen_context(system_u:object_r:ssh_home_t,s0)
 /var/lib/readonly/.ssh(/.*)?                   gen_context(system_u:object_r:ssh_home_t,s0)
 /var/lib/backup/.ssh(/.*)?                     gen_context(system_u:object_r:ssh_home_t,s0)
+/var/lib/recovery/.ssh(/.*)?                   gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh b/ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh
index 60897d7788dd..8c59198499d8 100755
--- a/ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh
+++ b/ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys-guestos.sh
@@ -18,7 +18,7 @@ copy_ssh_keys() {
 
 # Create home directories
 echo "Creating user home directories"
-for ACCOUNT in backup readonly admin; do
+for ACCOUNT in backup readonly admin recovery; do
     HOMEDIR=$(getent passwd "${ACCOUNT}" | cut -d: -f6)
     echo "Creating home directory for ${ACCOUNT}: ${HOMEDIR}"
     mkdir -p "${HOMEDIR}"
@@ -26,7 +26,7 @@ done
 
 # Setup SSH keys
 echo "Setting up SSH keys for accounts"
-for ACCOUNT in backup readonly admin; do
+for ACCOUNT in backup readonly admin recovery; do
     HOMEDIR=$(getent passwd "${ACCOUNT}" | cut -d: -f6)
     GROUP=$(id -ng "${ACCOUNT}")
 
diff --git a/rs/ic_os/config/types/src/lib.rs b/rs/ic_os/config/types/src/lib.rs
index c18fbe6f3652..4b6cdf69dbd5 100644
--- a/rs/ic_os/config/types/src/lib.rs
+++ b/rs/ic_os/config/types/src/lib.rs
@@ -156,7 +156,7 @@ pub struct ICOSSettings {
     /// wrapper from the `ic_sev` crate, as this cannot be faked by a malicious HostOS.
     #[serde(default)]
     pub enable_trusted_execution_environment: bool,
-    /// This ssh keys directory contains individual files named `admin`, `backup`, `readonly`.
+    /// This ssh keys directory contains individual files named `admin`, `backup`, `readonly`, `recovery`.
     /// The contents of these files serve as `authorized_keys` for their respective role account.
     /// This means that, for example, `accounts_ssh_authorized_keys/admin`
     /// is transferred to `~admin/.ssh/authorized_keys` on the target system.