diff --git a/modules/common/default.nix b/modules/common/default.nix
index 62baed8..382b5f3 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -25,12 +25,18 @@
   };
 
   programs.mosh.enable = true;
-  services = {
-    openssh = {
-      enable = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-    };
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = false;
+    kbdInteractiveAuthentication = false;
+    extraConfig = ''
+      AllowTcpForwarding yes
+      X11Forwarding no
+      AllowAgentForwarding no
+      AllowStreamLocalForwarding no
+      AuthenticationMethods publickey
+    '';
   };
 
   # Select internationalisation properties.