diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix
index 63dfec3..6c81cf5 100644
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -27,6 +27,7 @@
 ../common/configs/system/podman
 ../common/configs/system/sops
 ../common/configs/system/ssh
+ ../common/configs/system/sshd
 ../common/configs/system/sudo
 ../common/configs/system/system
 ../common/configs/system/users
diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix
index c5c9a7c..a830732 100644
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
@@ -84,6 +84,10 @@ in
 ];
 linger = true;
 uid = lib.strings.toInt (builtins.readFile ./uid);
+ openssh.authorizedKeys.keyFiles = [
+ "${inputs.secrets}/domains/personal/id_ed25519.pub"
+ "${inputs.secrets}/domains/sas/id_ed25519.pub"
+ ];
 };
 wsl.defaultUser = user;
diff --git a/hosts/himalia/default.nix b/hosts/himalia/default.nix
index 59356bc..b1d4b36 100644
--- a/hosts/himalia/default.nix
+++ b/hosts/himalia/default.nix
@@ -40,6 +40,7 @@
 ../common/configs/system/smartmontools
 ../common/configs/system/sops
 ../common/configs/system/ssh
+ ../common/configs/system/sshd
 ../common/configs/system/sudo
 ../common/configs/system/system
 ../common/configs/system/timezone
diff --git a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
index 6ed7f98..541e8aa 100644
--- a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
@@ -11,7 +11,15 @@ let
 inherit (hmConfig.virtualisation.quadlet) networks;
 in
 {
- networking.firewall.allowedTCPPorts = [ 2222 ];
+ networking.firewall = {
+ allowedTCPPorts = [ 2222 ];
+ allowedTCPPortRanges = [
+ {
+ from = 61000;
+ to = 61999;
+ }
+ ];
+ };
 home-manager.users.${user} = {
 sops.secrets."sish/ssh/key".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
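Review bot: Importing `../common/configs/system/sshd` turns on an SSH daemon for elara in this hunk and for himalia in the `hosts/himalia/default.nix` hunk, but the module itself is not part of this diff, so its hardening cannot be checked from here. Before merging, confirm it sets `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, since the only credentials this commit provisions are public keys. The commit adds `authorizedKeys` for a user on elara only; if himalia has no keys configured elsewhere, its daemon is either unusable or relies on whatever password policy the module leaves enabled.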
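Review bot: The two entries added to `openssh.authorizedKeys.keyFiles` in `hosts/elara/users/nikara/default.nix` carry no comment saying which identities they belong to, and each one is a full login credential for this account. A line such as `# login keys: personal and sas domain identities (public halves only)` above the list would record the intent, once confirmed against what those files contain. `keyFiles` are read at evaluation time and copied into the built system, so a key changed in `inputs.secrets` only takes effect after the input is updated and the host rebuilt; revocation needs that step too. The attribute set this sits in opens outside the hunk.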
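Review bot: `allowedTCPPortRanges` in the sish hunk opens all 1000 ports on every interface, and the same `61000-61999` literal is repeated in `publishPorts` and in `--port-bind-range` in the two later hunks of this file, so the three can drift apart. Binding the bounds once in the existing `let` block, e.g. `tunnelPorts = { from = 61000; to = 61999; };`, then using `allowedTCPPortRanges = [ tunnelPorts ];` and `"${toString tunnelPorts.from}-${toString tunnelPorts.to}"` for the strings, keeps the firewall opening no wider than what sish will bind. If fewer concurrent TCP tunnels are expected, a smaller range reduces what is reachable from outside. The `let` block begins outside the hunk.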
@@ -44,7 +52,10 @@ in
 "traefik.http.routers.sish.rule=HostRegexp(`^(.+\.)?tunnel\.karaolidis\.com$`)"
 "traefik.http.services.sish.loadbalancer.server.port=80"
 ];
- publishPorts = [ "2222:2222/tcp" ];
+ publishPorts = [
+ "2222:2222/tcp"
+ "61000-61999:61000-61999/tcp"
+ ];
 exec = [
 "--ssh-address=0.0.0.0:2222"
 "--http-address=0.0.0.0:80"
@@ -55,6 +66,7 @@ in
 "--bind-random-ports=false"
 "--bind-random-aliases=false"
 "--bind-random-subdomains=false"
+ "--port-bind-range=61000-61999"
 "--welcome-message=\"\""
 "--domain=tunnel.karaolidis.com"
 "--proxy-ssl-termination=true"
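Review bot: With `--port-bind-range=61000-61999` added, any client that can open a session to sish on port 2222 can have a TCP listener exposed on the host's published ports, and the flags visible in this hunk do not show whether authentication is enforced. Check that the part of `exec` outside the hunk sets `--authentication=true` together with a key directory or password, e.g. `--authentication-keys-directory=<keys dir>`, so only known keys can claim these ports. The forwarded TCP ports are published directly by the container and so appear to sit outside the Traefik router defined by the labels in the previous hunk; whatever a client forwards is reachable without the proxy's TLS or middleware. The `exec` list starts and ends outside the hunk.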