diff --git a/users/default.nix b/users/default.nix
index 3d16fb4..6976943 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -1,4 +1,4 @@
-{lib, ...}:
+{lib, config, ...}:
 with lib;
 let
   # get all files in folder
@@ -17,4 +17,17 @@ in
 
   imports = makeAbsolute ./.;
 
+  services.openssh.extraConfig =
+    lib.pipe (builtins.attrNames config.users.users) [
+      (builtins.filter (uname: builtins.any (x: x) [
+        (config.users.users.${uname}.group == "wheel")
+        (builtins.elem "wheel" config.users.users.${uname}.extraGroups)
+      ]))
+      (builtins.map (uname: ''
+        Match User ${uname}
+          PasswordAuthentication no
+      ''))
+      lib.concatLines
+    ];
+
 }