diff --git a/internal/lagoondb/client.go b/internal/lagoondb/client.go
index a13829b..c14fba3 100644
--- a/internal/lagoondb/client.go
+++ b/internal/lagoondb/client.go
@@ -107,6 +107,10 @@ func (c *Client) UserBySSHFingerprint(
 		}
 		return nil, err
 	}
+	// usid column in set NOT NULL, so this should be impossible
+	if user.UUID == nil {
+		return nil, errors.New("NULL user UUID")
+	}
 	return &user, nil
 }
 
diff --git a/internal/sshtoken/authhandler.go b/internal/sshtoken/authhandler.go
index fd8ba1d..c8b4584 100644
--- a/internal/sshtoken/authhandler.go
+++ b/internal/sshtoken/authhandler.go
@@ -64,7 +64,7 @@ func pubKeyAuth(log *slog.Logger, ldb LagoonDBService) ssh.PublicKeyHandler {
 		// successful. Inject the user UUID into the context so it can be used in
 		// the session handler.
 		authnSuccessTotal.Inc()
-		ctx.SetValue(userUUIDkey, user.UUID)
+		ctx.SetValue(userUUIDkey, *user.UUID)
 		log.Info("authentication successful",
 			slog.String("userUUID", user.UUID.String()))
 		return true