diff --git a/README.markdown b/README.markdown
index 8074e964..8d830981 100644
--- a/README.markdown
+++ b/README.markdown
@@ -235,7 +235,14 @@ Manages the user shell. Default: '/bin/bash'.
 #### `sshkeys`
-An array of SSH public keys associated with the user. These should be complete public key strings that include the type and name of the key, exactly as the key would appear in its id\_rsa.pub or id\_dsa.pub file. Must be an array. Default: an empty array.
+An array of SSH public keys associated with the user. These should be complete public key strings that include the type, content and name of the key, exactly as it would appear in its `id_*.pub` file, or with an optional options string preceding the other components, as it would appear as an entry in an `authorized_keys` file. Must be an array. Default: an empty array.
+
+Examples:
+
+* `ssh-rsa AAAAB3NzaC1y... bob@example.com`
+* `from="myhost.example.com,192.168.1.1" ssh-rsa AAAAQ4ngoeiC... bob2@example.com`
+
+Note that for multiple keys, the name component (the last) must be unique.
 #### `uid`
@@ -253,6 +260,8 @@ Parses an ssh authorized_keys option string into an array using its expected pat
 ## Limitations
+For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-accounts/blob/master/metadata.json)
+
 This module works with Puppet Enterprise 2015.3 and later.
 ### Changes from pe\_accounts
diff --git a/manifests/key_management.pp b/manifests/key_management.pp
index 798fea0c..34e1ac9d 100644
--- a/manifests/key_management.pp
+++ b/manifests/key_management.pp
@@ -39,10 +39,13 @@
 if $sshkeys != [] {
 $sshkeys.each |$sshkey| {
 accounts::manage_keys { "${sshkey} for ${user}":
+ keyspec => $sshkey,
 user => $user,
 key_file => $key_file,
- require => File["${user_home}/.ssh"],
- before => File[$key_file],
+ require => [
+ File["${user_home}/.ssh"],
+ File[$key_file],
+ ],
 }
 }
 }
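Review bot: The relationship on `accounts::manage_keys` flips from `before => File[$key_file]` to `require => File[$key_file]` without a comment saying why, and that changes which resource gets the last word on the authorized_keys file. With `before`, the key entry was written first and File[$key_file] then enforced whatever it declares; with `require`, File[$key_file] is applied first and the ssh_authorized_key provider writes afterwards, so if that File resource is what pins mode and ownership (its declaration is not in this hunk) the provider's handling of an existing file now decides the final state, which is worth confirming. I would add one line above the array, `# Target file is managed first, then keys are written into it; File[$key_file] is not re-applied afterwards`. The enclosing define `accounts::key_management` begins outside the hunk.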
diff --git a/manifests/manage_keys.pp b/manifests/manage_keys.pp
index 9249aadb..c2881ae2 100644
--- a/manifests/manage_keys.pp
+++ b/manifests/manage_keys.pp
@@ -1,31 +1,33 @@
 #
 define accounts::manage_keys(
+ String $keyspec,
 String $user,
 String $key_file,
 ) {
- $key_array = split($name, ' ')
- # If the key array doesn't start with ssh or ecdsa, then key_array[0] is
- # assumed to contain ssh options separated by commas.
- if $key_array[0] =~ /^ssh|^ecdsa-sha2/ {
- $key_options = undef
- $key_type = $key_array[0]
- $key_content = $key_array[1]
- $key_name = $key_array[2]
- } else {
- $key_options = accounts_ssh_options_parser($key_array[0])
- $key_type = $key_array[1]
- $key_content = $key_array[2]
- $key_name = $key_array[3]
+ $key_def = $keyspec.match(/^((.*)\s+)?((ssh|ecdsa-sha2).*)\s+(.*)\s+(.*)$/)
+ if (! $key_def) {
+ err("Could not interpret SSH key definition: '${keyspec}'")
 }
- $key_title = "${user}_${key_type}_${key_name}"
+ else {
+ if ($key_def[2]) {
+ $key_options = accounts_ssh_options_parser($key_def[2])
+ } else {
+ $key_options = undef
+ }
+ $key_type = $key_def[3]
+ $key_content = $key_def[5]
+ $key_name = $key_def[6]
- ssh_authorized_key { $key_title:
- ensure => present,
- user => $user,
- key => $key_content,
- type => $key_type,
- options => $key_options,
- target => $key_file,
+ $key_title = "${user}_${key_type}_${key_name}"
+
+ ssh_authorized_key { $key_title:
+ ensure => present,
+ user => $user,
+ key => $key_content,
+ type => $key_type,
+ options => $key_options,
+ target => $key_file,
+ }
 }
 }
diff --git a/manifests/user.pp b/manifests/user.pp
index 19dd8ba3..7952d376 100644
--- a/manifests/user.pp
+++ b/manifests/user.pp
@@ -38,7 +38,7 @@
 Optional[Pattern[/^absent$|^\d{4}-\d{2}-\d{2}$/]] $expiry = undef,
 Optional[String] $sshkey_custom_path = undef,
 ) {
-
+
 if $home {
 $home_real = $home
 } elsif $name == 'root' {
diff --git a/spec/acceptance/user_spec.rb b/spec/acceptance/user_spec.rb
index 17f9191a..3649b4ad 100644
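Review bot: `err()` in the new `if (! $key_def)` branch only logs at error level; catalog compilation continues, so a malformed key spec is silently dropped, no ssh_authorized_key is managed for that entry, and the run still reports success. Use `fail("Could not interpret SSH key definition: '${keyspec}'")` so the compile aborts and the mistake is visible where it was made. Two smaller points on the regex: the `(ssh|ecdsa-sha2)` alternation (carried over from the old code) rejects the FIDO key types `sk-ssh-ed25519@openssh.com` and `sk-ecdsa-sha2-nistp256@openssh.com`, and because the `((ssh|ecdsa-sha2).*)` group is greedy a comment containing whitespace mis-parses — a constructed `ssh-rsa KEY my laptop` yields type `ssh-rsa KEY`, content `my`, name `laptop`, which ssh_authorized_key will reject with a message pointing at the wrong field. A comment above the match naming the six capture groups and which three are used would also help the next reader.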
--- a/spec/acceptance/user_spec.rb
+++ b/spec/acceptance/user_spec.rb
@@ -19,7 +19,7 @@
 bash_profile_content => file('accounts/shell/bash_profile'),
 sshkeys => [
 'ssh-rsa #{test_key} vagrant',
- 'from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
+ 'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
 ],
 }
 PUPPETCODE