diff --git a/etc/ssh/sshd_config.d/10-custom.conf b/etc/ssh/sshd_config.d/10-custom.conf
index d28aba5..d250158 100644
--- a/etc/ssh/sshd_config.d/10-custom.conf
+++ b/etc/ssh/sshd_config.d/10-custom.conf
@@ -6,9 +6,20 @@ PubkeyAcceptedKeyTypes ssh-ed25519
 Ciphers aes256-gcm@openssh.com
 MACs -*
 
+# Security hardening
+AuthorizedKeysFile .ssh/authorized_keys
+LoginGraceTime 15s
+MaxAuthTries 1
+StrictModes yes
+
+## Use PAM for session checks here but authentication is disabled below
+UsePAM yes
+
 # Disabling unused authentication methods
+ChallengeResponseAuthentication no
 PasswordAuthentication no
 PermitRootLogin no
+KbdInteractiveAuthentication no
 KerberosAuthentication no
 GSSAPIAuthentication no