diff --git a/.buildbot/openwrt/build.sh b/.buildbot/openwrt/build.sh
index 10b9156..ca25824 100755
--- a/.buildbot/openwrt/build.sh
+++ b/.buildbot/openwrt/build.sh
@@ -50,10 +50,10 @@ echo "CONFIG_TARGET_ROOTFS_PARTSIZE=208" >> .config
 echo "CONFIG_TARGET_ROOTFS_EXT4FS=n" >> .config
 
 # Setup files
-mkdir -p files/root/.ssh
-chmod 0700 files/root files/root/.ssh
-cp ${pwd}/authorized_keys files/root/.ssh/
-chmod 0400 files/root/.ssh/authorized_keys
+mkdir -p files/etc/dropbear
+chmod 0750 files/etc/dropbear
+cp ${pwd}/authorized_keys files/etc/dropbear
+chmod 0400 files/etc/dropbear/authorized_keys
 mkdir -p files/etc/uci-defaults
 cp ${pwd}/defaults/* files/etc/uci-defaults
 
@@ -90,11 +90,10 @@ PACKAGES="kmod-nf-nathelper-extra kmod-rtc-ds1307 \
 	  luci-ssl-nginx luci-app-acme \
 	  python3-packages python3-yaml \
 	  wireguard-tools wget-ssl \
-	  openssh-server \
 	 "
 
 make image PROFILE=rpi-4 \
-     PACKAGES="${PACKAGES}" DISABLED_SERVICES="dropbear" FILES="files"
+     PACKAGES="${PACKAGES}" FILES="files"
 
 make manifest PROFILE=rpi-4 PACKAGES="${PACKAGES}"
 
diff --git a/defaults/50-dropbear b/defaults/50-dropbear
new file mode 100644
index 0000000..aa454fe
--- /dev/null
+++ b/defaults/50-dropbear
@@ -0,0 +1,12 @@
+VERSION=1
+
+[ "$(uci -q get defaults.dropbear)" -ge "$VERSION" ] && exit 0
+
+# save version
+/sbin/uci set defaults.dropbear="$VERSION"
+
+uci -q batch << EOF
+dropbear.@dropbear[0].PasswordAuth='off'
+dropbear.@dropbear[0].RootPasswordAuth='off'
+commit dropbear
+EOF
diff --git a/defaults/50-sshd b/defaults/50-sshd
deleted file mode 100644
index 2e6727a..0000000
--- a/defaults/50-sshd
+++ /dev/null
@@ -1,2 +0,0 @@
-echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
-/sbin/service sshd restart
\ No newline at end of file