{
    services.openssh = {
        enable = true;
        openFirewall = true;

        settings = {
            PermitRootLogin = "prohibit-password";
            KbdInteractiveAuthentication = false;
            PasswordAuthentication = false;
        };
    };
}