diff --git a/doc/design-ssh-setup.rst b/doc/design-ssh-setup.rst index ef809508494e9425db16530df042c943f69e74a5..7004044189fb6bbd456b7551f88018b3cf194be9 100644 --- a/doc/design-ssh-setup.rst +++ b/doc/design-ssh-setup.rst @@ -31,8 +31,8 @@ is moved over to the added node. A new script named ``prepare-node-join`` is added. It receives a JSON data structure (defined :ref:`below <prepare-node-join-json>`) on its standard input. Once the data has been successfully decoded, it proceeds -to configure the local node's SSH daemon, the Ganeti node daemon and -restarts both. +to configure the local node's SSH daemon and root's SSH settings, after +which the SSH daemon is restarted. All the master node has to do to add a new node is to gather all required data, build the data structure, and invoke the script on the 
@@ -47,21 +47,23 @@ Eventually ``setup-ssh`` can be removed. JSON structure ~~~~~~~~~~~~~~ -The data is given in an object containing the keys described below. All -entries are optional with the condition that for cryptography keys, -private and public parts or nothing at all must be given. +The data is given in an object containing the keys described below. +Unless specified otherwise, all entries are optional. +``cluster_name`` + Required string with the cluster name. If a local cluster name is + found, the join process is aborted unless the passed cluster name + matches the local name. +``node_daemon_certificate`` + Public part of cluster's node daemon certificate in PEM format. If a + local node certificate and key is found, the join process is aborted + unless this passed public part can be verified with the local key. ``ssh_host_key`` List containing public and private parts of SSH host key. See below for definition. ``ssh_root_key`` List containing public and private parts of root's key for SSH authorization. See below for definition. -``node_daemon_certificate`` - Node daemon certificate in PEM format, to be stored in ``server.pem``. -``start_node_daemon`` - Boolean value describing whether the node daemon should be - started/restarted. If not given, the daemon is not started. Lists of SSH keys use a tuple with three values. The first describes the key variant (``rsa`` or ``dsa``). The second and third are the public
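Review bot: In the first hunk (``@@ -31,8 +31,8 @@``), the rewritten sentence drops the Ganeti node daemon from what ``prepare-node-join`` configures and restarts, but the paragraph no longer says which step sets up and starts the node daemon on the joining node. The unchanged context right after it still reads "All the master node has to do to add a new node is to gather all required data, build the data structure, and invoke the script", which suggests the node is fully joined once the script has run. Suggest adding a sentence naming the step that handles the node daemon, or narrowing that context sentence to SSH preparation only.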
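Review bot: In the second hunk (``@@ -47,21 +47,23 @@``), the new ``node_daemon_certificate`` entry is covered by "Unless specified otherwise, all entries are optional", so the text does not say what happens when a local node certificate and key are found and the caller omits the entry; as worded, the abort condition applies only to a "passed public part". Suggest stating that case explicitly (abort, or proceed without the check) and defining what "can be verified with the local key" means, for example whether the certificate's public key must correspond to the local private key. Separately, the removed introduction required private and public parts of a key to be given together or not at all; if that rule still applies to ``ssh_host_key`` and ``ssh_root_key``, it should be kept in the new wording.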