diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index 0311fe3..8854a0d 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -25,7 +25,19 @@
 
   networking.hostName = "${hostName}";
 
-  services.openssh.enable = true;
+  # hardened openssh
+  services.openssh = {
+    passwordAuthentication = false;
+    allowSFTP = false; 
+    challengeResponseAuthentication = false;
+    extraConfig = ''
+      AllowTcpForwarding yes
+      X11Forwarding no
+      AllowAgentForwarding no
+      AllowStreamLocalForwarding no
+      AuthenticationMethods publickey
+    '';
+  };
 
   system.stateVersion = "24.11";