diff --git a/services/openssh.nix b/services/openssh.nix
index 4114e3c..e6d5979 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -12,9 +12,11 @@ mkIf (elem "openssh" config.machine.services) {
     kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
     sftpFlags = [ "-f AUTHPRIV" "-l INFO" ];
     startWhenNeeded = true;
-    challengeResponseAuthentication = false;
-    passwordAuthentication = false;
-    permitRootLogin = "no";
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
     extraConfig = let users = concatMapStrings (user: "${user.name} ") config.machine.administrators
       + (optionalString config.services.gitea.enable (config.services.gitea.user + " "));
     in  ''