diff --git a/sovr/etc/nixos/configuration.nix b/sovr/etc/nixos/configuration.nix
index a8381c4..4f15581 100644
--- a/sovr/etc/nixos/configuration.nix
+++ b/sovr/etc/nixos/configuration.nix
@@ -65,7 +65,13 @@
     enable = true;
     network.enable = true;
   };
-  services.openssh.enable = true;
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    settings.PermitRootLogin = "no";
+  };
   services.sovr-server = {
     enable = true;
     sessionSecret = "secret";