{
  den.aspects = {
    ssh-desktop = {
      nixos = {
        services = {
          openssh = {
            enable = true;
            openFirewall = true;
            settings = {
              X11Forwarding = true;
              PasswordAuthentication = false;
              KbdInteractiveAuthentication = false;
              PermitRootLogin = "prohibit-password";
              KexAlgorithms = [
                "mlkem768x25519-sha256"
                "sntrup761x25519-sha512"
                "sntrup761x25519-sha512@openssh.com"
                "curve25519-sha256"
                "curve25519-sha256@libssh.org"
                "diffie-hellman-group-exchange-sha256"
                "diffie-hellman-group18-sha512"
                "diffie-hellman-group16-sha512"
              ];
            };
            extraConfig = ''
              PubkeyAcceptedAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
              StreamLocalBindUnlink yes
            '';
          };
        };
        programs = {
          ssh = {
            hostKeyAlgorithms = [
              "ssh-ed25519"
              "rsa-sha2-512"
              "rsa-sha2-256"
            ];
          };
        };
      };
    };
  };
}