diff --git a/Dockerfile b/Dockerfile
index 4922e49..70b960f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.11.6
+FROM alpine:3.12.1
 LABEL maintainer="Mark "
@@ -20,6 +20,8 @@ RUN addgroup -S -g ${GID} ${GROUP} \
 && sed -i "s/${USER}:!/${USER}:*/g" /etc/shadow \
 && set -x \
 && apk add --no-cache openssh-server \
+ openssh-server-pam \
+ linux-pam \
 && echo "Welcome to Bastion!" > /etc/motd \
 && chmod +x /usr/sbin/bastion \
 && mkdir -p ${HOST_KEYS_PATH} \
@@ -30,4 +32,4 @@ EXPOSE 22/tcp
 VOLUME ${HOST_KEYS_PATH}
-ENTRYPOINT ["bastion"]
\ No newline at end of file
+ENTRYPOINT ["bastion"]
diff --git a/bastion b/bastion
index e3ab8bb..327f2c4 100644
--- a/bastion
+++ b/bastion
@@ -66,6 +66,13 @@ else
 CONFIG_LISTEN_PORT="-o Port=22"
 fi
+if [ "x$OPEN_ACCESS" = "xtrue" ]; then
+ echo "Warning: server will accept all incoming connections!!!"
+ CONFIG_ACCESS="-o UsePAM=yes"
+ echo "bastion" >/etc/sshd_allowed_users
+ echo "auth sufficient pam_listfile.so item=user sense=allow file=/etc/sshd_allowed_users onerr=fail" > /etc/pam.d/sshd
+fi
+
 /usr/sbin/sshd -D -e -4 \
 -o "HostKey=$HOST_KEYS_PATH/ssh_host_rsa_key" \
 -o "HostKey=$HOST_KEYS_PATH/ssh_host_dsa_key" \
@@ -84,4 +91,5 @@ fi
 $CONFIG_TRUSTED_USER_CA_KEYS \
 $CONFIG_AUTHORIZED_PRINCIPALS_FILE \
 $CONFIG_LISTEN_ADDRESS \
- $CONFIG_LISTEN_PORT
+ $CONFIG_LISTEN_PORT \
+ $CONFIG_ACCESS
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..73aee71
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker build -t bastion .
+
+
+docker run --rm --name bastion \
+ -p 2222:22 \
+ -e OPEN_ACCESS=true \
+ bastion
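Review bot: In the Dockerfile's `apk add` step, `openssh-server-pam` and `linux-pam` are installed into every image although only the opt-in `OPEN_ACCESS` path in `bastion` needs them, which enlarges the default footprint of a bastion host. As far as I know, Alpine ships the PAM-enabled daemon from `openssh-server-pam` as a separate binary (`/usr/sbin/sshd.pam`) rather than replacing `/usr/sbin/sshd`; if that holds for 3.12, the entrypoint's `/usr/sbin/sshd … -o UsePAM=yes` would still start the build without PAM support. Please check in the built image which binary accepts `UsePAM`. The `RUN` instruction begins and ends outside this hunk.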
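Review bot: In `bastion`, the `OPEN_ACCESS` block replaces `/etc/pam.d/sshd` with a stack whose only line is `auth sufficient pam_listfile.so …`, so a client that names the `bastion` user is authenticated without any credential, and nothing in this hunk limits what that session may do afterwards. Those limits (forced command, forwarding restrictions, no TTY) would have to come from the sshd options outside the hunk, and it is worth confirming they also apply to PAM-authenticated sessions. The written file has no `account` or `session` entries, so those phases presumably fall through to `/etc/pam.d/other`; an explicit line such as `account required pam_permit.so` would make the intended policy visible. The warning should go to stderr, `echo "Warning: server will accept all incoming connections!!!" >&2`, so that it appears next to the `sshd -e` log output.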
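Review bot: `$CONFIG_ACCESS`, appended unquoted to the `sshd` command at the end of `bastion`, is assigned only inside the `OPEN_ACCESS` branch, so in the default path its value is whatever the container environment happens to supply. The visible `CONFIG_LISTEN_PORT` is set in both branches of its `if`; do the same here by putting `CONFIG_ACCESS=""` before the `if` (or adding an `else` branch). The `sshd` invocation starts outside this hunk.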
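Review bot: `test.sh` publishes the open-access server with `-p 2222:22`, which binds the port on every host interface, so while the script runs any machine that can reach the host is offered an sshd that accepts the `bastion` user without credentials; bind to loopback instead, `-p 127.0.0.1:2222:22 \`. The script has no `set -e`, so a failed `docker build` is followed by `docker run` on whatever `bastion` image is already present locally. A comment at the top stating that this is a manual smoke test for the `OPEN_ACCESS` mode would help, since the script asserts nothing.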