diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index e9370f5..36eb02e 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -2,9 +2,15 @@
     networking.firewall.allowedTCPPorts = [ 22 ];
     services.openssh = {
         enable = true;
+        allowSFTP = false;
         settings.PasswordAuthentication = false;
         settings.KbdInteractiveAuthentication = false;
+        settings.X11Forwarding = false;
         settings.PermitRootLogin = "no";
-        settings.X11Forwarding = true;
+        extraConfig = ''
+            AllowAgentForwarding no
+            AllowStreamLocalForwarding no
+            AuthenticationMethods publickey
+        '';
     };
 }