diff --git a/modules/server/network.nix b/modules/server/network.nix
index 3102189..87a408d 100644
--- a/modules/server/network.nix
+++ b/modules/server/network.nix
@@ -10,7 +10,13 @@ with lib;
   config = {
     services.openssh = mkIf config.server.networking.enableSSH {
       enable = true;
-      settings.PermitRootLogin = "no";
+      settings = {
+        StrictModes = true;
+        PermitRootLogin = "no";
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitEmptyPasswords = "no";
+      };
     };
 
     networking.firewall.allowedTCPPorts = [