diff --git a/hosts/nixedo/configuration.nix b/hosts/nixedo/configuration.nix
index d5f251cf..e218ec5b 100644
--- a/hosts/nixedo/configuration.nix
+++ b/hosts/nixedo/configuration.nix
@@ -12,6 +12,7 @@
     mixins-common
     mixins-docker
     mixins-fzf
+    mixins-openssh
     mixins-starship
     mixins-zsh
 
diff --git a/hosts/nixedo/services.nix b/hosts/nixedo/services.nix
deleted file mode 100644
index 272c30d0..00000000
--- a/hosts/nixedo/services.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  services = {
-    openssh.enable = true;
-  };
-}
diff --git a/hosts/t480/configuration.nix b/hosts/t480/configuration.nix
index 70d39844..0d44fb32 100644
--- a/hosts/t480/configuration.nix
+++ b/hosts/t480/configuration.nix
@@ -133,7 +133,6 @@ in
     };
 
     gvfs.enable = true;
-    openssh.enable = true;
     power-profiles-daemon.enable = false;
     printing.enable = true;
     pulseaudio.enable = false;
diff --git a/modules/mixins/openssh.nix b/modules/mixins/openssh.nix
new file mode 100644
index 00000000..542ca976
--- /dev/null
+++ b/modules/mixins/openssh.nix
@@ -0,0 +1,14 @@
+{ lib, ... }:
+
+{
+  services.openssh = {
+    enable = true;
+
+    openFirewall = lib.mkForce true;
+
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = lib.mkForce "no";
+    };
+  };
+}