{ config, lib, pkgs, ... }:

{
  services.openssh = {
    enable = true;
    startWhenNeeded = true;
    challengeResponseAuthentication = false;
    passwordAuthentication = false;
    permitRootLogin = "no";
    extraConfig = ''
        AllowUsers derped git
    '';
  };
}