diff --git a/applications/ldap_client.nix b/applications/ldap_client.nix
index b753a93..1bf92f2 100644
--- a/applications/ldap_client.nix
+++ b/applications/ldap_client.nix
@@ -54,6 +54,16 @@
     # give users a home dir
     security.pam.services.sshd.makeHomeDir = true;
 
+    services.openssh = {
+      # only allow ssh keys
+      passwordAuthentication = false;
+
+      # tell users where tehy cna setup their ssh key
+      banner = ''
+        If you get 'Permission denied (publickey,keyboard-interactive)' you need to add an ssh key on https://${cfg.address}
+        '';
+    };
+
     services.sssd = {
       enable = true;