diff --git a/hosts/luna/modules/services/openssh.nix b/hosts/luna/modules/services/openssh.nix
index d816617..3eb2d84 100644
--- a/hosts/luna/modules/services/openssh.nix
+++ b/hosts/luna/modules/services/openssh.nix
@@ -1,49 +1,26 @@
-{ config, ... }:
-{
+{ config, ... }: {
 services.openssh = {
 enable = true;
 startWhenNeeded = true;
 # We set the hostkeys manually so they persist through reboots
- hostKeys = [
- {
- path = (config.environment.persistence.ephemeral.persistentStoragePath + "/etc/ssh/ssh_host_ed25519_key");
- type = "ed25519";
- }
- ];
- sftpFlags = [
- "-f AUTHPRIV"
- "-l INFO"
- ];
- extraConfig = ''
- AllowUsers price
- '';
+ hostKeys = [{
+ path = (config.environment.persistence.ephemeral.persistentStoragePath
+ + "/etc/ssh/ssh_host_ed25519_key");
+ type = "ed25519";
+ }];
+ sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
 settings = {
 PasswordAuthentication = false;
+ AuthenticationMethods = "publickey";
+ KbdInteractiveAuthentication = false;
 PermitRootLogin = "no";
- GatewayPorts = "yes";
+ X11Forwarding = false;
+ AllowAgentForwarding = false;
+ AllowStreamLocalForwarding = false;
 LogLevel = "VERBOSE";
- KexAlgorithms = [
- "curve25519-sha256"
- "curve25519-sha256@libssh.org"
- "diffie-hellman-group-exchange-sha256"
- ];
- Ciphers = [
- "chacha20-poly1305@openssh.com"
- "aes256-gcm@openssh.com"
- "aes128-gcm@openssh.com"
- "aes256-ctr"
- "aes192-ctr"
- "aes128-ctr"
- ];
- Macs = [
- "hmac-sha2-512-etm@openssh.com"
- "hmac-sha2-256-etm@openssh.com"
- "umac-128-etm@openssh.com"
- ];
+ AllowUsers = [ "price" ];
 };
- ports = [
- 2200
- ];
+ ports = [ 2200 ];
 banner = ''
 ┌────────────────────────────────────────────────────┐
 │ Orion Technologies - Security Notice │
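Review bot: `AllowTcpForwarding` is left unset in the new `settings` block, so unless it is set elsewhere sshd keeps its default and `price` can still open TCP port forwards, even though X11, agent and stream-local forwarding are now turned off and `GatewayPorts` is removed. If this host needs no forwarding, add `AllowTcpForwarding = false;` beside the other three; if forwards are still in use, a one-line comment saying so would explain why this channel stays open. With `KexAlgorithms`, `Ciphers` and `Macs` removed, the accepted algorithms now follow whatever the NixOS openssh module defaults to on the pinned nixpkgs, so a comment such as `# Kex/Ciphers/Macs intentionally left to the NixOS module defaults` would keep the removal from reading as an oversight. The `banner` string continues past the end of this hunk.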