diff --git a/.gitignore b/.gitignore
index b2be92b..e5d0a7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 result
+deploy-luci.sh
diff --git a/admins/theaninova.id_ed25519_sk.pub b/admins/theaninova.id_ed25519_sk.pub
new file mode 100644
index 0000000..39b9db8
--- /dev/null
+++ b/admins/theaninova.id_ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPX+YdfBdTBT3wXyWkXt3k+kFYqXxSFMAHE85bOUxkJJAAAABHNzaDo= theaninova@MONSTER
diff --git a/hosts/aero/default.nix b/hosts/aero/default.nix
index cec543d..efbf96f 100644
--- a/hosts/aero/default.nix
+++ b/hosts/aero/default.nix
@@ -119,6 +119,18 @@
   '';
   security.tpm2.enable = true;
   users.defaultUserShell = pkgs.zsh;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    (builtins.readFile ../../admins/theaninova.id_ed25519_sk.pub)
+  ];
+
   users.users.${username} = {
     isNormalUser = true;
     extraGroups = [
diff --git a/hosts/shark/default.nix b/hosts/shark/default.nix
index efec798..5f55444 100644
--- a/hosts/shark/default.nix
+++ b/hosts/shark/default.nix
@@ -108,6 +108,18 @@
   '';
   security.tpm2.enable = true;
   users.defaultUserShell = pkgs.zsh;
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    (builtins.readFile ../../admins/theaninova.id_ed25519_sk.pub)
+  ];
+
   users.users.${username} = {
     isNormalUser = true;
     extraGroups = [