diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..d9ee8928
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,19 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# GoLand
+.idea/
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
diff --git a/ssh/authorisedkeys.go b/ssh/authorisedkeys.go
index 3946898c..63f2d48e 100644
--- a/ssh/authorisedkeys.go
+++ b/ssh/authorisedkeys.go
@@ -56,6 +56,9 @@ func authKeysDir(username string) (string, error) {
 // authorized_keys file and returns the constituent parts.
 // Based on description in "man sshd".
 func ParseAuthorisedKey(line string) (*AuthorisedKey, error) {
+	if strings.Contains(line, "\n") {
+		return nil, errors.NotValidf("newline in authorized_key %q", line)
+	}
 	key, comment, _, _, err := ssh.ParseAuthorizedKey([]byte(line))
 	if err != nil {
 		return nil, errors.Errorf("invalid authorized_key %q", line)
diff --git a/ssh/authorisedkeys_test.go b/ssh/authorisedkeys_test.go
index 71a4c971..0b752a30 100644
--- a/ssh/authorisedkeys_test.go
+++ b/ssh/authorisedkeys_test.go
@@ -260,6 +260,9 @@ func (s *AuthorisedKeysKeysSuite) TestParseAuthorisedKey(c *gc.C) {
 	}, {
 		line: "ssh-rsa",
 		err:  "invalid authorized_key \"ssh-rsa\"",
+	}, {
+		line: sshtesting.ValidKeyOne.Key + " line1\nline2",
+		err:  "newline in authorized_key \".*",
 	}} {
 		c.Logf("test %d: %s", i, test.line)
 		ak, err := ssh.ParseAuthorisedKey(test.line)
diff --git a/ssh/export_test.go b/ssh/export_test.go
index 7a26f819..86a222d9 100644
--- a/ssh/export_test.go
+++ b/ssh/export_test.go
@@ -37,3 +37,9 @@ func PatchTerminal(s *testing.CleanupSuite, rlw ReadLineWriter) {
 		c.Assert(atomic.LoadInt64(&balance), gc.Equals, int64(0))
 	})
 }
+
+func PatchNilTerminal(s *testing.CleanupSuite) {
+	s.PatchValue(&getTerminal, func() (readLineWriter, func(), error) {
+		return nil, func() {}, nil
+	})
+}
diff --git a/ssh/ssh_gocrypto_test.go b/ssh/ssh_gocrypto_test.go
index 3a2196d8..934e961f 100644
--- a/ssh/ssh_gocrypto_test.go
+++ b/ssh/ssh_gocrypto_test.go
@@ -183,12 +183,9 @@ func (s *SSHGoCryptoCommandSuite) SetUpTest(c *gc.C) {
 	generateKeyRestorer := overrideGenerateKey()
 	s.AddCleanup(func(*gc.C) { generateKeyRestorer.Restore() })
 
-	client, err := ssh.NewGoCryptoClient()
-	c.Assert(err, jc.ErrorIsNil)
-	s.client = client
-
 	s.knownHostsFile = filepath.Join(c.MkDir(), "known_hosts")
 	ssh.SetGoCryptoKnownHostsFile(s.knownHostsFile)
+	ssh.PatchNilTerminal(&s.CleanupSuite)
 }
 
 func (s *SSHGoCryptoCommandSuite) newServer(c *gc.C, serverConfig cryptossh.ServerConfig) (*sshServer, cryptossh.PublicKey) {