diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
index b34d802db..f1ed3e341 100644
--- a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
+++ b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
@@ -4,7 +4,7 @@ Before=sshd.service
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash -c "ssh-keygen -t ecdsa -q -N '' -f /run/ssh_host_ecdsa_key"
+ExecStart=/bin/bash -c "mkdir -p /run/ssh; ssh-keygen -t ecdsa -q -N '' -f /run/ssh/ssh_host_ecdsa_key"
 
 [Install]
 WantedBy=multi-user.target
diff --git a/image/sysroot-tree/etc/ssh/sshd_config b/image/sysroot-tree/etc/ssh/sshd_config
index 2b1060c4a..507c3cde5 100644
--- a/image/sysroot-tree/etc/ssh/sshd_config
+++ b/image/sysroot-tree/etc/ssh/sshd_config
@@ -1,3 +1,5 @@
-HostKey /run/ssh_host_ecdsa_key
-TrustedUserCAKeys /run/ssh_ca.pub
+HostKey /run/ssh/ssh_host_ecdsa_key
+TrustedUserCAKeys /run/ssh/ssh_ca.pub
 PasswordAuthentication no
+ChallengeResponseAuthentication no
+AuthorizedKeysFile /dev/null