diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/network.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/network.kt
index 38bccb0..8b1d013 100644
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/network.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/network.kt
@@ -7,7 +7,7 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.check
 import org.domaindrivenarchitecture.provs.server.domain.k3s.K3sConfig
 
 val loopbackFile = "/etc/netplan/99-loopback.yaml"
-val resourcePath = "org/domaindrivenarchitecture/provs/server/infrastructure/network/"
+val resourcePathNetwork = "org/domaindrivenarchitecture/provs/server/infrastructure/network/"
 
 fun Prov.testNetworkExists(): Boolean {
 return checkFile(loopbackFile)
@@ -19,7 +19,7 @@ fun Prov.provisionNetwork(k3sConfig: K3sConfig) = task {
 createFileFromResourceTemplate(
 loopbackFile,
 "99-loopback.dual.template.yaml",
- resourcePath,
+ resourcePathNetwork,
 mapOf("loopback_ipv4" to k3sConfig.loopback.ipv4, "loopback_ipv6" to k3sConfig.loopback.ipv6!!),
 "644",
 sudo = true
@@ -28,7 +28,7 @@ fun Prov.provisionNetwork(k3sConfig: K3sConfig) = task {
 createFileFromResourceTemplate(
 loopbackFile,
 "99-loopback.ipv4.template.yaml",
- resourcePath,
+ resourcePathNetwork,
 mapOf("loopback_ipv4" to k3sConfig.loopback.ipv4),
 "644",
 sudo = true
diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt
new file mode 100644
index 0000000..9c0f361
--- /dev/null
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/ssh.kt
@@ -0,0 +1,29 @@
+package org.domaindrivenarchitecture.provs.server.infrastructure
+
+import org.domaindrivenarchitecture.provs.framework.core.Prov
+import org.domaindrivenarchitecture.provs.framework.core.ProvResult
+import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.checkFile
+import org.domaindrivenarchitecture.provs.framework.ubuntu.filesystem.base.createFileFromResource
+import org.domaindrivenarchitecture.provs.framework.ubuntu.install.base.isPackageInstalled
+
+val pathSshdConfig = "/etc/ssh/sshd_config"
+val packageNameSshServer = "openssh-server"
+val resourcePathSsh = "org/domaindrivenarchitecture/provs/server/infrastructure/ssh/"
+
+fun Prov.isSshdConfigExisting(): Boolean {
+ return checkFile(pathSshdConfig)
+}
+
+fun Prov.configureSshd() = task {
+ if(isSshdConfigExisting() && isPackageInstalled(packageNameSshServer)) {
+ createFileFromResource(
+ pathSshdConfig,
+ "sshd_config",
+ resourcePathSsh,
+ "644",
+ true)
+ cmd("service ssh restart", sudo = true)
+ } else {
+ ProvResult(false)
+ }
+}
\ No newline at end of file
diff --git a/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/ssh/sshd_config b/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/ssh/sshd_config
new file mode 100644
index 0000000..6c8334c
--- /dev/null
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/ssh/sshd_config
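Review bot: `configureSshd` overwrites `/etc/ssh/sshd_config` and immediately runs `service ssh restart` without validating the new file, so a config that sshd rejects takes the only remote access path down and the task fails only at the restart step; add `cmd("sshd -t", sudo = true)` between the `createFileFromResource(...)` call and the restart so the result fails before the service is touched, and if `task` does not short-circuit on a failed `cmd` the restart needs to be conditioned on that result. The trailing positional `true` in the `createFileFromResource` call is presumably the sudo flag and should be named, `sudo = true`, as the `createFileFromResourceTemplate` calls in network.kt do. The `else` branch yields `ProvResult(false)` with no message, so a caller cannot tell whether `/etc/ssh/sshd_config` or the `openssh-server` package was missing; the result should carry which of the two preconditions failed. A KDoc on `configureSshd` should state that it replaces the whole system sshd_config with the bundled resource rather than merging into it.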
@@ -0,0 +1,129 @@
+# This file was automatically provisioned by provs.
+# https://gitlab.com/domaindrivenarchitecture/provs
+
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+ClientAliveInterval 30
+ClientAliveCountMax 120
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
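Review bot: `Include /etc/ssh/sshd_config.d/*.conf` sits above the directives this file is meant to enforce, and sshd keeps the first value it reads for each keyword, so any drop-in in that directory silently wins over `PasswordAuthentication no` and `ChallengeResponseAuthentication no` further down (Ubuntu images commonly ship such a drop-in that re-enables password authentication). Decide which side should win and order the file accordingly, or document the precedence next to the `Include` line, e.g. `# NOTE: drop-ins included here take precedence over every setting below`. `PermitRootLogin yes` relies on password authentication staying disabled to keep root key-only; `PermitRootLogin prohibit-password`, the OpenSSH default, keeps that guarantee even if a drop-in turns passwords back on. `X11Forwarding yes` on a k3s server host is unneeded surface and is better left at `no` unless a use for it exists.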