diff --git a/harden_sshd.txt b/harden_sshd.txt
new file mode 100644
index 00000000..5e8cd6be
--- /dev/null
+++ b/harden_sshd.txt
@@ -0,0 +1,11 @@
+/etc/ssh/sshd_config
+
+PermitEmptyPasswords no
+Port 2345 (or some other port than default 22)
+PermitRootLogin no
+ClientAliveInterval 300
+ClientAliveCountMax 2
+X11Forwarding no
+MaxAuthTries 3
+
+sshd -T
diff --git a/updates.txt b/updates.txt
index f81daa0e..74199336 100644
--- a/updates.txt
+++ b/updates.txt
@@ -38,3 +38,18 @@ make sure to install all of the test files (jest should already be set up, but y
 doas npm install -g jest
 pip install pytest
+sshd is disabled by default on Artix (a good practice), but let's enable it, follow your harden_sshd.txt guide (just some flags), and add a down file to disable it:
+
+doas ln -s /etc/runit/sv/sshd /run/runit/service
+
+doas sv start sshd
+
+edit /etc/ssh/sshd_config file using harden_sshd.txt guide
+
+cd /etc/runit/sv/sshd
+
+doas touch down
+
+doas chmod +x down
+
+doas sv stop sshd
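Review bot: The directive list in harden_sshd.txt never addresses password authentication, so unless the distribution default differs, sshd will still accept password logins for non-root accounts on the new port. If key-based login is the intent, add `PasswordAuthentication no` alongside the other directives. The line `Port 2345 (or some other port than default 22)` is not valid sshd_config syntax if copied verbatim; keep `Port 2345` on its own line and move the remark to a separate `#` comment line. The closing `sshd -T` step prints the effective configuration and normally needs root; a preceding `sshd -t` gives a plain syntax check of the edited file.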
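Review bot: The added steps in updates.txt run `doas sv start sshd` before /etc/ssh/sshd_config is edited, so the daemon is reachable with the stock configuration until the later `doas sv stop sshd`. Nothing in the sequence validates the edited file either. Edit the config first and check it with `doas sshd -t`, and create the `down` file in /etc/runit/sv/sshd before the `doas ln -s /etc/runit/sv/sshd /run/runit/service` step so that linking the service does not start it. `doas chmod +x down` can be dropped, since runit only checks that the `down` file exists.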