diff --git a/etc/ssh/sshd_config.d/basic-security.conf b/etc/ssh/sshd_config.d/basic-security.conf
index 91dde032..d4ba6155 100644
--- a/etc/ssh/sshd_config.d/basic-security.conf
+++ b/etc/ssh/sshd_config.d/basic-security.conf
@@ -8,8 +8,12 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 # Includes public keys in logins
 LogLevel VERBOSE
 
-# No direct root login, keys might be ok, but audit trail
+# No direct root login, keys might be ok, but audit trail...
 PermitRootLogin no
+#...unless we happen to be on SteamOS on Steam Deck where we probably don't
+# care about audit trail by user deck and where keyed SSH may be preferable
+# over having a password?
+#PermitRootLogin prohibit-password
 # Passwords are bad
 PasswordAuthentication no
 AuthenticationMethods publickey