diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 3def2d77556e8b82b5fd0dbd2513f3d08b7ea2c7..51f41832ded8fe18290c47b5b3ad85fb58c2a511 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -61,7 +61,7 @@ let
       (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index e663d2243e4aa6078260e41f07f807f606e64ef6..06eefdd28da57ad65ea99543ba8421bc934ef752 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -38,7 +38,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index fbbbd9f13e49cfdc7fd2f0687fa2fe12df91ea33..7b06c99e1f7a1b65b535f924a0a24aebe6753586 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -51,7 +51,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath sshUsers letsEncryptAdminEmail;
         googleOAuthClientID = config.monitoringGoogleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index f5b820a272fcfd4ea7106af32ad2fd0ac5c8ece3..391aa5602575100c8650d8e4fb6892e38fc95ebf 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -13,6 +13,7 @@
 , privateKeyPath
 , monitoringvpnIPv4
 , domain
+, sshUsers
 , letsEncryptAdminEmail
 
   # A list of VPN IP addresses as strings indicating which clients will be
@@ -84,6 +85,8 @@
   networking.domain = domain;
   networking.hosts = hostsMap;
 
+  services.private-storage.sshUsers = sshUsers;
+
   services.private-storage.monitoring.vpn.server = {
     enable = true;
     ip = monitoringvpnIPv4;
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index d8af93b24119ba6dff5ce63a5b2d16fbd18edb71..f8810be2f7e878eeb979e82d2746895d6157212e 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -21,6 +21,8 @@ rec {
   };
 
   imports = [
+    # Give it a good SSH configuration.
+    ../../nixos/modules/ssh.nix
     # Allow us to remotely trigger updates to this system.
     ../../nixos/modules/deployment.nix