diff --git a/lib/constants.py b/lib/constants.py
index f2a980366bcdc874e868372aaa11b35b72f5cfd5..4edc36e4c4b88ad49c6bedfcebeab89d8fc0db33 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -90,7 +90,8 @@ BDEV_CACHE_DIR = RUN_GANETI_DIR + "/bdev-cache"
 DISK_LINKS_DIR = RUN_GANETI_DIR + "/instance-disks"
 RUN_DIRS_MODE = 0755
 SOCKET_DIR = RUN_GANETI_DIR + "/socket"
-SOCKET_DIR_MODE = 0700
+SECURE_DIR_MODE = 0700
+SOCKET_DIR_MODE = SECURE_DIR_MODE
 # keep RUN_GANETI_DIR first here, to make sure all get created when the node
 # daemon is started (this takes care of RUN_DIR being tmpfs)
 SUB_RUN_DIRS = [ RUN_GANETI_DIR, BDEV_CACHE_DIR, DISK_LINKS_DIR ]
@@ -620,7 +621,7 @@ JOB_QUEUE_DRAIN_FILE = QUEUE_DIR + "/drain"
 JOB_QUEUE_SIZE_HARD_LIMIT = 5000
 JOB_QUEUE_SIZE_SOFT_LIMIT = JOB_QUEUE_SIZE_HARD_LIMIT * 0.8
 JOB_QUEUE_DIRS = [QUEUE_DIR, JOB_QUEUE_ARCHIVE_DIR]
-JOB_QUEUE_DIRS_MODE = 0700
+JOB_QUEUE_DIRS_MODE = SECURE_DIR_MODE
 
 JOB_ID_TEMPLATE = r"\d+"
 
diff --git a/lib/ssh.py b/lib/ssh.py
index 3477b44da8f33f6f26afdd2579154d613cb715aa..c6aad84d921409bc7378b70f19ddd4df69561f81 100644
--- a/lib/ssh.py
+++ b/lib/ssh.py
@@ -53,13 +53,8 @@ def GetUserFiles(user, mkdir=False):
     raise errors.OpExecError("Cannot resolve home of user %s" % user)
 
   ssh_dir = utils.PathJoin(user_dir, ".ssh")
-  if not os.path.lexists(ssh_dir):
-    if mkdir:
-      try:
-        os.mkdir(ssh_dir, 0700)
-      except EnvironmentError, err:
-        raise errors.OpExecError("Can't create .ssh dir for user %s: %s" %
-                                 (user, str(err)))
+  if mkdir:
+    utils.EnsureDirs([(ssh_dir, constants.SECURE_DIR_MODE)])
   elif not os.path.isdir(ssh_dir):
     raise errors.OpExecError("path ~%s/.ssh is not a directory" % user)