diff --git a/post-install.sh b/post-install.sh
index 639ff92..94a78af 100755
--- a/post-install.sh
+++ b/post-install.sh
@@ -377,9 +377,24 @@ echo "[+] Enabling services..."
 # systemctl enable stratisd # Not needed without Stratis
 systemctl enable sshd
-# Disable root login
+# Secure SSH configuration
 echo "[+] Securing SSH..."
-sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+{
+ # Disable root login
+ sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
+
+ # Only allow SSH key authentication
+ sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+ sed -i 's/^#*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+ sed -i 's/^#*UsePAM.*/UsePAM no/' /etc/ssh/sshd_config
+
+ # Only allow specific user
+ echo "AllowUsers ${ALMA_USER}" >> /etc/ssh/sshd_config
+
+ echo " - Root login disabled"
+ echo " - Password authentication disabled"
+ echo " - Only user '${ALMA_USER}' allowed"
+}
 # Set SELinux to enforcing
 echo "[+] Setting SELinux to enforcing..."
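Review bot: The three status lines at the end of the `{ … }` group are printed whether or not the settings took effect: each `sed` is a silent no-op when its directive is absent from /etc/ssh/sshd_config, and sshd keeps the first value it reads for a keyword, so an earlier line or, where the file uses `Include`, a drop-in can still win. `echo "AllowUsers ${ALMA_USER}" >> …` appends a new line on every run and writes a bare `AllowUsers` if the variable is empty (it is set outside this hunk), and nothing here confirms that the user has an authorized key before password login is turned off, so a failed key deployment can lock the host out. `UsePAM no` goes further than key-only authentication because it also skips PAM account and session handling, and RHEL-family sshd builds document it as unsupported, so I would drop that line if this targets AlmaLinux, as the variable name suggests. I would guard the variable, make the append idempotent, and replace the fixed echoes with `sshd -t` validation plus a report taken from `sshd -T`, as sketched below.

```shell
    # … unchanged: PermitRootLogin / PasswordAuthentication / ChallengeResponseAuthentication sed edits …

    # Refuse to write an empty AllowUsers line; do not append twice on re-run
    : "${ALMA_USER:?ALMA_USER must be set}"
    grep -qxF "AllowUsers ${ALMA_USER}" /etc/ssh/sshd_config ||
        echo "AllowUsers ${ALMA_USER}" >> /etc/ssh/sshd_config

    # Validate the file, then report what sshd will actually apply
    sshd -t || { echo "[-] sshd_config failed validation" >&2; exit 1; }
    sshd -T | grep -Ei '^(permitrootlogin|passwordauthentication|allowusers) '
```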