diff --git a/hosts/tartarus/configuration.nix b/hosts/tartarus/configuration.nix index fd99b82..58f21f7 100644 --- a/hosts/tartarus/configuration.nix +++ b/hosts/tartarus/configuration.nix @@ -70,7 +70,6 @@ in { # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - virtualisation.docker.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.osbm = { @@ -103,9 +102,6 @@ in { # List services that you want to enable: - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/ymir/configuration.nix b/hosts/ymir/configuration.nix index 6b24796..760d0eb 100644 --- a/hosts/ymir/configuration.nix +++ b/hosts/ymir/configuration.nix @@ -128,8 +128,6 @@ in { # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. - virtualisation.docker.enable = true; users.users = { osbm = { @@ -192,8 +190,7 @@ in { # List services that you want to enable: - # Enable the OpenSSH daemon. - services.openssh.enable = true; + # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; diff --git a/modules/common-packages.nix b/modules/common-packages.nix index 572ca45..9c9e5af 100644 --- a/modules/common-packages.nix +++ b/modules/common-packages.nix 
@@ -75,4 +75,29 @@
 package = pkgs.nix-direnv;
 };
 };
+
+ virtualisation.docker.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ startWhenNeeded = true;
+ settings = {
+ PermitRootLogin = "no";
+
+ # only allow key based logins and not password
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ AuthenticationMethods = "publickey";
+ PubkeyAuthentication = "yes";
+ ChallengeResponseAuthentication = "no";
+ UsePAM = false;
+
+
+ # kick out inactive sessions
+ ClientAliveCountMax = 5;
+ ClientAliveInterval = 60;
+ };
+ };
+
 }
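Review bot: Moving `services.openssh.enable = true;` and `virtualisation.docker.enable = true;` into `modules/common-packages.nix` turns both on for every host that imports this module, not only tartarus and ymir where they were removed; which hosts import it is not visible in this diff, so that is worth checking. `services.openssh.openFirewall` defaults to true in NixOS, so each of those hosts also gets port 22 opened; consider a dedicated module (the file name suggests packages only) or an explicit `openFirewall` per host. `UsePAM = false;` also skips PAM account and session handling for SSH logins, and with password and keyboard-interactive authentication already off it adds little, so I would drop it unless that is intended. The comment `# kick out inactive sessions` overstates the ClientAlive settings, which only drop clients that stop answering keepalives (about 5 minutes here); `# drop unresponsive clients after ~5 min of missed keepalives` would be accurate. The module's closing brace is the hunk's last line but its opening lies outside the hunk.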