{
  services.openssh = {
    enable = true;

    startWhenNeeded = true;

    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;

      PermitRootLogin = "no";

      StreamLocalBindUnlink = true;
    };
  };
}