diff --git a/modules/ssh-server.nix b/modules/ssh-server.nix
index 4ea7c66..0d05350 100644
--- a/modules/ssh-server.nix
+++ b/modules/ssh-server.nix
@@ -5,10 +5,13 @@
   services.openssh = {
     enable = true;
     #ports = [ 22 ];
-    # Forbid root login through SSH.
-    settings.PermitRootLogin = "no";
     # Use authorized keys only.
     settings.PasswordAuthentication = false;
+    # Forbid/Limit root login through SSH.
+    #settings.PermitRootLogin = "no";
+    #settings.PermitRootLogin = "prohibit-password";
+    # Enabling this is required for commands such as sftp and sshfs.
+    allowSFTP = false;
   };
 
   # SSH public key(s) allowed to connect via SSH.