diff --git a/modules/core/services.nix b/modules/core/services.nix
index 41aa45e5..6ce74472 100644
--- a/modules/core/services.nix
+++ b/modules/core/services.nix
@@ -7,6 +7,7 @@
     # If you don't want the host to have SSH actually opened up to the net,
     # set `services.openssh.openFirewall` to false in your config.
     openFirewall = lib.mkDefault true;
+    passwordAuthentication = false;
   };
 
   # Service that makes Out of Memory Killer more effective
diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix
index 75275a11..2dc439cf 100644
--- a/modules/paranoia/default.nix
+++ b/modules/paranoia/default.nix
@@ -39,7 +39,6 @@ in
     # fileSystems."/".options = [ "noexec" ];
 
     services.openssh = {
-      passwordAuthentication = false;
       kbdInteractiveAuthentication = false;
       extraConfig = ''
         AllowTcpForwarding yes