diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 9593963..6df325b 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -42,18 +42,22 @@
 };
 # hardened openssh
- services.openssh = {
- allowSFTP = false;
- extraConfig = ''
- AllowTcpForwarding yes
- X11Forwarding no
- AllowAgentForwarding no
- AllowStreamLocalForwarding no
- AuthenticationMethods publickey
- '';
- settings = {
- KbdInteractiveAuthentication = false;
- PasswordAuthentication = false;
+ services = {
+ fail2ban.enable = true;
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
+ openssh = {
+ enable = true;
+ ports = [ 5011 ];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ AllowUsers = [ "srv" ];
+ };
 };
 };
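Review bot: The new `openssh` block under the `# hardened openssh` comment no longer carries the forwarding and SFTP restrictions the old block set, so unless they are set elsewhere sshd falls back to its defaults for agent forwarding, stream-local forwarding and the SFTP subsystem. If that relaxation is not intended, keep `allowSFTP = false;` on `openssh` and add `AllowAgentForwarding = "no";` and `AllowStreamLocalForwarding = "no";` to `settings`. `AuthenticationMethods publickey` is also gone; with password and keyboard-interactive authentication off the effect is probably the same, but pinning it keeps the policy explicit if another method is enabled later. The enclosing attribute set starts and ends outside the hunk, so anything defined there is not visible here.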