diff --git a/build.sh b/build.sh
index 0e28109..47aca72 100644
--- a/build.sh
+++ b/build.sh
@@ -162,6 +162,8 @@ on_chroot << EOF
 apt-get install -y ssh
 EOF
 
+apply_file 644 '/etc/ssh/sshd_config'
+
 rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_key"
 rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_key.pub"
 
diff --git a/files/etc/ssh/sshd_config b/files/etc/ssh/sshd_config
new file mode 100644
index 0000000..13aaa2c
--- /dev/null
+++ b/files/etc/ssh/sshd_config
@@ -0,0 +1,26 @@
+# See the sshd_config(5) manpage for details
+
+Protocol 2
+
+Port 22
+AddressFamily inet
+
+HostKey /etc/ssh/ssh_host_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Change to "no" after ssh-copy-id
+PasswordAuthentication yes
+
+PermitRootLogin no
+ChallengeResponseAuthentication no
+
+LoginGraceTime 120
+TCPKeepAlive yes
+
+PrintMotd no
+PrintLastLog yes
+
+Subsystem sftp /usr/lib/openssh/sftp-server