diff --git a/config.yaml b/config.yaml
index 07d14dd..6d397f4 100644
--- a/config.yaml
+++ b/config.yaml
@@ -50,6 +50,11 @@ options:
     default: "yes"
     type: string
     description: Whether to run nova-api and nova-network on the compute nodes.
+  enable-resize:
+    default: False
+    type: boolean
+    description: Enable instance resizing, which requires that passwordless SSH
+      access be setup between compute hosts.
   enable-live-migration:
     default: False
     type: boolean
diff --git a/hooks/nova_compute_hooks.py b/hooks/nova_compute_hooks.py
index 890ed90..3f40559 100755
--- a/hooks/nova_compute_hooks.py
+++ b/hooks/nova_compute_hooks.py
@@ -75,7 +75,11 @@ def config_changed():
         # Check-in with nova-c-c and register new ssh key, if it has just been
         # generated.
         initialize_ssh_keys()
-        [compute_joined(rid) for rid in relation_ids('cloud-compute')]
+
+    if config('enable-resize') is True:
+        initialize_ssh_keys(user='nova')
+
+    [compute_joined(rid) for rid in relation_ids('cloud-compute')]
 
     CONFIGS.write_all()
 
@@ -140,15 +144,19 @@ def image_service_changed():
 
 @hooks.hook('cloud-compute-relation-joined')
 def compute_joined(rid=None):
-    if not migration_enabled():
-        return
-    auth_type = config('migration-auth-type')
-    settings = {
-        'migration_auth_type': auth_type
-    }
-    if auth_type == 'ssh':
-        settings['ssh_public_key'] = public_ssh_key()
-    relation_set(relation_id=rid, **settings)
+    if migration_enabled():
+        auth_type = config('migration-auth-type')
+        settings = {
+            'migration_auth_type': auth_type
+        }
+        if auth_type == 'ssh':
+            settings['ssh_public_key'] = public_ssh_key()
+        relation_set(relation_id=rid, **settings)
+    if config('enable-resize'):
+        settings = {
+            'nova_ssh_public_key': public_ssh_key(user='nova')
+        }
+        relation_set(relation_id=rid, **settings)
 
 
 @hooks.hook('cloud-compute-relation-changed')
@@ -158,6 +166,7 @@ def compute_changed():
     # config advertised from controller.
     CONFIGS.write_all()
     import_authorized_keys()
+    import_authorized_keys(user='nova', prefix='nova')
     import_keystone_ca_cert()
     if (network_manager() in ['quantum', 'neutron']
             and neutron_plugin() == 'ovs'):
diff --git a/hooks/nova_compute_utils.py b/hooks/nova_compute_utils.py
index 8416db4..b937938 100644
--- a/hooks/nova_compute_utils.py
+++ b/hooks/nova_compute_utils.py
@@ -310,13 +310,18 @@ def initialize_ssh_keys(user='root'):
     check_output(['chown', '-R', user, ssh_dir])
 
 
-def import_authorized_keys(user='root'):
+def import_authorized_keys(user='root', prefix=None):
     """Import SSH authorized_keys + known_hosts from a cloud-compute relation
     and store in user's $HOME/.ssh.
     """
-    # XXX: Should this be managed via templates + contexts?
-    hosts = relation_get('known_hosts')
-    auth_keys = relation_get('authorized_keys')
+    if prefix:
+        hosts = relation_get('{}_known_hosts'.format(prefix))
+        auth_keys = relation_get('{}_authorized_keys'.format(prefix))
+    else:
+        # XXX: Should this be managed via templates + contexts?
+        hosts = relation_get('known_hosts')
+        auth_keys = relation_get('authorized_keys')
+
     # XXX: Need to fix charm-helpers to return None for empty settings,
     #      in all cases.
     if not hosts or not auth_keys: