diff --git a/services/openssh.nix b/services/openssh.nix
index 28fca4f..00003ce 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -15,9 +15,12 @@ mkIf (elem "openssh" config.machine.services) {
 challengeResponseAuthentication = false;
 passwordAuthentication = false;
 permitRootLogin = "no";
- extraConfig = ''
+ extraConfig = let users = concatMapStrings (user: "${user.name} ") config.machine.administrators
+ + (if config.services.gitea.enable then (config.services.gitea.user + " ") else "")
+ + (if config.services.nix-serve.enable then "nix-ssh" else "");
+ in ''
 UsePAM no
- AllowUsers derped git nix-ssh
+ AllowUsers ${users}
 UsePrivilegeSeparation sandbox
 LogLevel VERBOSE
 '';
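Review bot: The generated `AllowUsers` line has no guard for an empty list: if `config.machine.administrators` is empty and neither gitea nor nix-serve is enabled, `users` is `""` and sshd_config gets a bare `AllowUsers `, which sshd is likely to reject at startup, so the mistake surfaces as a dead SSH service rather than at evaluation time. The names are also interpolated as-is, and `AllowUsers` treats `*`, `?` and `user@host` as patterns, so a name containing one of those or a space would silently widen the allow list. Building a list and joining it (below, assuming `optional` and `concatStringsSep` are in scope the way `concatMapStrings` is) removes the trailing-space bookkeeping and gives one value to assert on, for example that it is non-empty and that every entry is a plain user name. Two things to confirm separately: the old list allowed `git`, while `config.services.gitea.user` may resolve to a different account, and `nix-ssh` is normally the account created by `nix.sshServe` rather than `services.nix-serve`, so the last condition may be keyed on the wrong option. The enclosing `mkIf` block starts and ends outside the hunk.

```nix
extraConfig = let
  allowed = map (user: user.name) config.machine.administrators
    ++ optional config.services.gitea.enable config.services.gitea.user
    ++ optional config.services.nix-serve.enable "nix-ssh";
in ''
  UsePAM no
  AllowUsers ${concatStringsSep " " allowed}
```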