diff --git a/Makefile b/Makefile
index f238bd2..b68e66d 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ export SSH_AUTHKEYS?=authkeys
 
 export SSH_HOST?=localhost
 export SSH_PORT?=2222
-export SSH_OPTS?=-R 1234:localhost:22
+export SSH_OPTS?=-R 0.0.0.0:1234:localhost:3000
 
 run:
 	go run .
@@ -17,4 +17,4 @@ genkeys:
 	rm -f $(SSH_HOSTKEYS)/*.pub
 
 forward:
-	ssh $(SSH_HOST) -p $(SSH_PORT) $(SSH_OPTS)
\ No newline at end of file
+	ssh -T $(SSH_HOST) -p $(SSH_PORT) $(SSH_OPTS)
diff --git a/README.md b/README.md
index 16b02c1..178cb76 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,29 @@
 # sshfwd
+
+This is a reverse forward service that uses SSH as the transport. It works similar to ngrok or localtunnel.me.
+
+You run the service on a internet addressible host and ssh to it. Using ssh remote forwards (ie. ssh -R) the port on the remote host will be forwared to
+the configured port on your local machine.
+
+on Remote host:
+
+```sh
+$ make genkeys  # generate the services host keys.
+$ SSH_HOSTKEYS=hostkeys SSH_LISTEN=:2222 sshfwd   # run service on port 2222
+```
+
+on your local machine:
+
+```sh
+$ ssh -T remote.example.com -p 2222 -R 0.0.0.0:1234:localhost:3000
+```
+
+now if you access `remote.example.com:1234` it will be the same as accessing `localhost:3000`
+
+# Pubkeys
+
+if the env variable `SSH_AUTHKEYS` is set it will require that the client authenticates with one of the keys in the `SSH_AUTHKEYS` directory.
+
+```sh
+$ SSH_LISTEN=:2222 SSH_HOSTKEYS=hostkeys SSH_AUTHKEYS=authkeys sshfwd
+```
diff --git a/authkeys/jlundy@caring.com b/authkeys/jlundy@caring.com
new file mode 100644
index 0000000..7d187ee
--- /dev/null
+++ b/authkeys/jlundy@caring.com
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKk9O/oAyP6OZetRFQUjjJeeQAZLqmlPCUwNvJzmAjwR jonlundy@MB-C02F1Q5XMD6M