diff --git a/internal/serve/serve.go b/internal/serve/serve.go
index 9fa2ad8..a1edaa8 100644
--- a/internal/serve/serve.go
+++ b/internal/serve/serve.go
@@ -15,6 +15,7 @@ import (
 "github.com/charmbracelet/wish"
 "github.com/charmbracelet/wish/activeterm"
 "github.com/charmbracelet/wish/logging"
+ gossh "golang.org/x/crypto/ssh"
 )
 
 // Setup default logger to append or create a new log file `log` in the current
@@ -51,6 +52,15 @@ func setupSshServer(host string, port string, host_key_path string, users map[st
 }
 return false
 }),
+ wish.WithKeyboardInteractiveAuth(func(_ ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
+ if len(users) == 0 {
+ // no users provided, meaning there is no user authentication, everyone is allowed to connect
+ return true
+ }
+ // NOTE interactive logins through keyboard challenges shall not be allowed; use
+ // ssh public-private key-pairs instead for limited access
+ return false
+ }),
 ssh.AllocatePty(),
 wish.WithMiddleware(
 func(next ssh.Handler) ssh.Handler {
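Review bot: The `len(users) == 0` branch in the new keyboard-interactive handler fails open: a nil or empty `users` map, for instance from a user list that did not load, admits any client without a key, and nothing in the hunk records that the server is running in that mode. I would make open access an explicit decision taken once in `setupSshServer`, log it at startup, and register this handler only in that case, so a server with users configured does not offer keyboard-interactive at all; roughly `if len(users) == 0 { opts = append(opts, wish.WithKeyboardInteractiveAuth(allowAll)) }`, where `opts` and `allowAll` are placeholder names. The challenge argument is discarded, so the client is never prompted, which the comment should say: `// accepts without issuing a challenge; only meant for open mode`. `setupSshServer` starts and ends outside the hunk, so how `users` is populated and whether the public-key handler above has the same branch cannot be confirmed from here.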