diff --git a/hosts/micronix/default.nix b/hosts/micronix/default.nix
index 3abbf0b..8d28420 100644
--- a/hosts/micronix/default.nix
+++ b/hosts/micronix/default.nix
@@ -8,6 +8,7 @@
     ./ui.nix
     ./searxng.nix
     ./energy.nix
+    ./ssh.nix
   ];
 
   config = {
diff --git a/hosts/micronix/ssh.nix b/hosts/micronix/ssh.nix
new file mode 100644
index 0000000..0a5893c
--- /dev/null
+++ b/hosts/micronix/ssh.nix
@@ -0,0 +1,24 @@
+{...}: {
+  programs.ssh = {
+    startAgent = true;
+    enableAskPassword = true;
+    hostKeyAlgorithms = [
+      "ssh-ed25519"
+    ];
+    pubkeyAcceptedKeyTypes = [
+      "ssh-ed25519"
+    ];
+    kexAlgorithms = [
+      "sntrup761x25519-sha512@openssh.com"
+      "curve25519-sha256@libssh.org"
+    ];
+    ciphers = [
+      "chacha20-poly1305@openssh.com"
+      "aes256-gcm@openssh.com"
+    ];
+    macs = [
+      "hmac-sha2-512-etm@openssh.com"
+      "hmac-sha2-256-etm@openssh.com"
+    ];
+  };
+}
diff --git a/hosts/micronix/users.nix b/hosts/micronix/users.nix
index 694c386..9c69c65 100644
--- a/hosts/micronix/users.nix
+++ b/hosts/micronix/users.nix
@@ -147,9 +147,4 @@
       enable = true;
     };
   };
-
-  programs.ssh = {
-    enable = true;
-    startAgent = true;
-  };
 }