diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix
index 93c1be87def202869cb9cb2c6893232213ccbabe..59ee2fec949be247143041379626f35b7d8bf657 100644
--- a/nixos/modules/ssh.nix
+++ b/nixos/modules/ssh.nix
@@ -38,7 +38,9 @@
         PermitEmptyPasswords no
 
         # Only allow authentication as one of the configured users, not random
-        # other (often system-managed) users.
+        # other (often system-managed) users.  Possibly this is also
+        # superfluous!  NixOS system users have nologin as their shell ... so they
+        # cannot log in anyway.
         AllowUsers ${builtins.concatStringsSep " " (builtins.attrNames cfg.sshUsers)}
       '';
     };