diff --git a/nixos/hosts/common/nixos/openssh.nix b/nixos/hosts/common/nixos/openssh.nix
index 4290b6b..6dda998 100644
--- a/nixos/hosts/common/nixos/openssh.nix
+++ b/nixos/hosts/common/nixos/openssh.nix
@@ -8,6 +8,7 @@ let
 hosts = outputs.nixosConfigurations;
 in
 {
+
 services.openssh = {
 enable = true;
 settings = {
@@ -18,9 +19,11 @@ in
 StreamLocalBindUnlink = "yes";
 # Allow forwarding ports to everywhere
 GatewayPorts = "clientspecified";
+ # Don't allow home-directory authorized_keys
+
 };
 };
- # Passwordless sudo when SSH'ing with keys
 security.pam.enableSSHAgentAuth = true;
+
 }
diff --git a/nixos/hosts/images/sd-image/default.nix b/nixos/hosts/images/sd-image/default.nix
index 229b25c..003227a 100644
--- a/nixos/hosts/images/sd-image/default.nix
+++ b/nixos/hosts/images/sd-image/default.nix
@@ -77,13 +77,9 @@
 ];
 };
- security.pam.sshAgentAuth = {
- # Passwordless sudo when SSH'ing with keys
- enable = true;
- authorizedKeysFiles = [
- "/etc/ssh/authorized_keys.d/%u"
- ];
- };
+ # Passwordless sudo when SSH'ing with keys
+ security.pam.enableSSHAgentAuth = true;
+ security.pam.services.sudo.sshAgentAuth = true;
 # Free up to 1GiB whenever there is less than 100MiB left.
 nix.extraOptions = ''
diff --git a/nixos/hosts/nixosvm/default.nix b/nixos/hosts/nixosvm/default.nix
index a540998..8bb00e2 100644
--- a/nixos/hosts/nixosvm/default.nix
+++ b/nixos/hosts/nixosvm/default.nix
@@ -29,6 +29,9 @@
 networking.hostName = "nixosvm"; # Define your hostname.
+ # Passwordless sudo when SSH'ing with keys
+ security.pam.enableSSHAgentAuth = true;
+ security.pam.services.sudo.sshAgentAuth = true;
 # Pick only one of the below networking options.
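Review bot: In nixos/hosts/common/nixos/openssh.nix (hunk at -18,9), the added comment `# Don't allow home-directory authorized_keys` has no option after it before the closing `};` of `settings`, so nothing visible applies the restriction it announces. Someone auditing this shared host profile will read the comment as enforced policy, while `security.pam.enableSSHAgentAuth = true;` stays enabled a few lines below. Either put the option the comment describes back under it, or reword the comment so it cannot be mistaken for a control, for example `# TODO: home-directory authorized_keys are not restricted here`. The `services.openssh` block opens outside this hunk, so a setting elsewhere in it may already cover this.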
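Review bot: In nixos/hosts/images/sd-image/default.nix the replacement lines drop `authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];`, so sudo's agent authentication no longer names the key files it trusts and falls back to whatever the pinned nixpkgs module defaults to. If that default includes a file the login user can write (older NixOS releases appear to have taken the list from sshd's authorized-keys files, which should be verified against the pin), anything running as that user can add a key and obtain passwordless root. If the pinned release cannot express the restriction on the PAM side, record the dependency next to the option, e.g. `# agent auth trusts sshd's authorized-keys list; keep it limited to /etc/ssh/authorized_keys.d/%u`. The same two lines are added in nixos/hosts/nixosvm/default.nix, and the common openssh.nix sets only `enableSSHAgentAuth` without `security.pam.services.sudo.sshAgentAuth`, which looks inconsistent across hosts.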