diff --git a/modules/security.nix b/modules/security.nix index 5e54c68..6963808 100644 --- a/modules/security.nix +++ b/modules/security.nix @@ -3,11 +3,10 @@ { config = { services = { + openssh = lib.mkIf config.services.gitea.enable { extraConfig = '' Match User gitea - AllowAgentForwarding no - AllowTcpForwarding no PermitTTY no X11Forwarding no ''; diff --git a/systems/configuration.nix b/systems/configuration.nix index e9520da..b80716d 100644 --- a/systems/configuration.nix +++ b/systems/configuration.nix @@ -68,6 +68,7 @@ PermitEmptyPasswords = "no"; PermitRootLogin = "no"; TcpKeepAlive = "no"; + X11Forwarding = lib.mkDefault false; KexAlgorithms = [ "curve25519-sha256@libssh.org" diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix index 9795317..bc03f5f 100644 --- a/systems/jeeves-jr/configuration.nix +++ b/systems/jeeves-jr/configuration.nix @@ -64,11 +64,6 @@ services = { nfs.server.enable = true; - endlessh-go = { - enable = true; - port = 22; - }; - openssh.ports = [ 352 ]; smartd.enable = true;
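Review bot: Removing `AllowAgentForwarding no` and `AllowTcpForwarding no` from the `Match User gitea` block in modules/security.nix leaves that account on sshd's global values, and OpenSSH defaults both to `yes` when nothing sets them. The only global option this commit adds is `X11Forwarding`, so unless the two forwarding options are pinned outside the visible hunks, the Git-only account presumably relies on the per-key restrictions in its authorized_keys file alone. I would keep both lines in the Match block, or set them in the shared sshd settings and leave a comment here such as `# agent/TCP forwarding disabled globally in systems/configuration.nix`. The enclosing attribute set continues past the end of the hunk.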
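Review bot: `X11Forwarding = lib.mkDefault false;` in systems/configuration.nix is the only setting in the visible hunk given default priority, so any host module can turn X11 forwarding back on with a plain assignment. The neighbouring `PermitRootLogin` and `PermitEmptyPasswords` could only be changed with an explicit priority override. If hosts are meant to be able to relax it, a comment such as `# mkDefault: hosts that need X11 may override` would record that intent; if it is meant as policy, write `X11Forwarding = false;`. The settings block starts and ends outside the hunk.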