diff --git a/README.md b/README.md
index b728e96..a405cd6 100644
--- a/README.md
+++ b/README.md
@@ -45,9 +45,13 @@ Example JSON config:
 },
 "timezone": "Europe/Moscow",
 "resticPassword": "PASS",
- "rootSshKeys": [
- "ssh-ed25519 KEY user@host"
- ],
+ "ssh": {
+ "enable": true,
+ "rootSshKeys": [
+ "ssh-ed25519 KEY user@host"
+ ],
+ "passwordAuthentication": true
+ },
 "username": "owner",
 "users": [
 {
diff --git a/configuration.nix b/configuration.nix
index 4c54a15..130754b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -37,10 +37,10 @@
 };
 time.timeZone = config.services.userdata.timezone;
 i18n.defaultLocale = "en_GB.UTF-8";
- users.users.root.openssh.authorizedKeys.keys = config.services.userdata.rootSshKeys;
+ users.users.root.openssh.authorizedKeys.keys = config.services.userdata.ssh.rootKeys;
 services.openssh = {
- enable = true;
- passwordAuthentication = true;
+ enable = config.services.userdata.ssh.enable;
+ passwordAuthentication = config.services.userdata.ssh.passwordAuthentication;
 permitRootLogin = "yes";
 openFirewall = false;
 };
diff --git a/userdata/schema.json b/userdata/schema.json
index 8f3f07f..c49ae6f 100644
--- a/userdata/schema.json
+++ b/userdata/schema.json
@@ -103,10 +103,21 @@
 "resticPassword": {
 "type": "string"
 },
- "rootSshKeys": {
- "type": "array",
- "items": {
- "type": "string"
+ "ssh": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "rootKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "passwordAuthentication": {
+ "type": "boolean"
+ }
 }
 },
 "users": {
diff --git a/variables-module.nix b/variables-module.nix
index ff9a0d5..54c31bf 100644
--- a/variables-module.nix
+++ b/variables-module.nix
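Review bot: In the configuration.nix hunk, `permitRootLogin = "yes";` stays hard-coded while `passwordAuthentication` now follows a userdata value that defaults to true in variables-module.nix, so root login by password stays permitted over SSH unless the operator turns it off. Root already receives its keys from `ssh.rootKeys`, so `permitRootLogin = "prohibit-password";` would keep key-based root access and confine password logins to non-root accounts. Whether root has a usable password is not visible here, so this is hardening rather than a confirmed exposure. The module body around `services.openssh` continues outside the hunk.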
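Review bot: The new `ssh` object in userdata/schema.json names the key list `rootKeys`, and configuration.nix reads `ssh.rootKeys`, but the README example in this same commit writes `"rootSshKeys"` inside `"ssh"`. The `ssh` schema has no `"additionalProperties": false`, so a config copied from the README would presumably validate while its root keys are never picked up. Rename the README key to `"rootKeys"`, and consider closing the object with `"additionalProperties": false` so a misspelled key is rejected instead of ignored. How the schema is applied to userdata is not visible here, and the enclosing `properties` object starts and ends outside the hunk.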
@@ -117,11 +117,24 @@ in
 '';
 type = types.nullOr types.string;
 };
- rootSshKeys = mkOption {
- description = ''
+ ssh = {
+ enable = mkOption {
+ default = true;
+ type = types.nullOr types.bool;
+ };
+ rootKeys = mkOption {
+ description = ''
 Root SSH Keys
- '';
- type = types.nullOr (types.listOf types.string);
+ '';
+ type = types.nullOr (types.listOf types.string);
+ };
+ passwordAuthentication = mkOption {
+ description = ''
+ Password authentication for SSH
+ '';
+ default = true;
+ type = types.nullOr types.bool;
+ };
 };
 timezone = mkOption {
 description = ''
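Review bot: `ssh.enable` and `ssh.passwordAuthentication` are declared as `types.nullOr types.bool`, yet configuration.nix assigns them straight to `services.openssh.enable` and `services.openssh.passwordAuthentication`, which NixOS declares as plain booleans. A `null` in userdata would pass this module's type check and then most likely fail inside the openssh module, far from the actual mistake; `type = types.bool;` on both options reports it where it belongs. `enable` also has no `description`, unlike its two siblings; `description = "Enable the OpenSSH server";` would do. The option set that contains `ssh` starts and ends outside the hunk.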