diff --git a/config/hooks/live/0022_dropbear_setup.chroot b/config/hooks/live/0022_dropbear_setup.chroot
index c2d246c..7ef7f7d 100644
--- a/config/hooks/live/0022_dropbear_setup.chroot
+++ b/config/hooks/live/0022_dropbear_setup.chroot
@@ -27,7 +27,6 @@ export DEBIAN_FRONTEND="noninteractive" INITRD="No"
 #######################################
 dropbear_setup() {
 ### Declare Arrays, HashMaps, and Variables.
- declare network_static_ipv4ntpserver_0="192.53.103.108"
 # shellcheck disable=SC2155
 declare user_root_sshpubkey="$(< /root/.ssh/authorized_keys)"
 declare var_force_command_string='command="/usr/local/bin/unlock_wrapper.sh",no-agent-forwarding,no-port-forwarding,no-X11-forwarding '
@@ -37,11 +36,18 @@ dropbear_setup() {
 if [[ -d /root/ssh ]]; then
+ # shellcheck disable=SC2155
+ declare _tmp=$(mktemp)
+ cp -f -- /root/ssh/ssh_host_rsa_key "${_tmp}"
+ ssh-keygen -p -N '' -m PEM -f "${_tmp}"
+
 dropbearconvert openssh dropbear /root/ssh/ssh_host_ed25519_key /etc/dropbear/initramfs/dropbear_ed25519_host_key
- dropbearconvert openssh dropbear /root/ssh/ssh_host_rsa_key /etc/dropbear/initramfs/dropbear_rsa_host_key
+ dropbearconvert openssh dropbear "${_tmp}" /etc/dropbear/initramfs/dropbear_rsa_host_key
 dropbearkey -y -f /etc/dropbear/initramfs/dropbear_ed25519_host_key /etc/dropbear/initramfs/dropbear_ed25519_host_key.pub
 dropbearkey -y -f /etc/dropbear/initramfs/dropbear_rsa_host_key /etc/dropbear/initramfs/dropbear_rsa_host_key.pub
+ rm -f "${_tmp}"
+
 else
 # shellcheck disable=SC2312
diff --git a/config/hooks/live/9930_hardening_ssh.chroot b/config/hooks/live/9930_hardening_ssh.chroot
index 4c67b97..07b0693 100644
--- a/config/hooks/live/9930_hardening_ssh.chroot
+++ b/config/hooks/live/9930_hardening_ssh.chroot
@@ -24,6 +24,7 @@ rm -rf ssh_host_*key*
 if [[ -d /root/ssh ]]; then
 mv /root/ssh/ssh_host_*key* /etc/ssh
+ mv /root/ssh/*sha256sum.txt /etc/ssh
 rm -rf /root/ssh
 else
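Review bot: The unencrypted RSA host-key copy written to `${_tmp}` is removed only on the happy path; if `ssh-keygen -p` or the following `dropbearconvert` fails, the plaintext key is left behind in the chroot's temp directory, and since neither command's status is checked, `dropbearconvert` can also run on a file that was never rewritten to PEM. Split the declaration so mktemp's status is visible and bind the cleanup to the function instead of a trailing `rm`: `declare _tmp; _tmp=$(mktemp) || return 1`, `trap 'rm -f -- "${_tmp}"' RETURN`, then `ssh-keygen -p -N '' -m PEM -f "${_tmp}" || return 1`. Whether `dropbear_setup` runs under `set -e` is not visible here, and the function's body continues past the hunk.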
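Review bot: `mv /root/ssh/*sha256sum.txt /etc/ssh` assumes a checksum file is always shipped next to the host keys; when nothing matches, mv either receives the literal pattern or, if nullglob is in effect at this point, only the destination, and the hook fails. Either guard it, `for _f in /root/ssh/*sha256sum.txt; do [[ -f "${_f}" ]] && mv -- "${_f}" /etc/ssh; done`, or document above the line that the file is mandatory; the `chmod 0440`/`chown` pair added to the next hunk has the same failure mode. The diff moves the checksum file but nothing in it verifies the keys against it; if it is meant as an integrity check, a `sha256sum -c` run in /root/ssh before the keys are moved would make that explicit. The enclosing if/else continues past the hunk.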
@@ -40,6 +41,8 @@ chmod 0600 /etc/ssh/ssh_host_*_key
 chown root:root /etc/ssh/ssh_host_*_key
 chmod 0644 /etc/ssh/ssh_host_*_key.pub
 chown root:root /etc/ssh/ssh_host_*_key.pub
+chmod 0440 /etc/ssh/*sha256sum.txt
+chown root:root /etc/ssh/*sha256sum.txt
 awk '$5 >= 4000' /etc/ssh/moduli >| /etc/ssh/moduli.safe
 rm -rf /etc/ssh/moduli
@@ -47,7 +50,6 @@ mv /etc/ssh/moduli.safe /etc/ssh/moduli
 chmod 0600 /etc/ssh/sshd_config /etc/ssh/ssh_config
-touch /root/sshfp
 ssh-keygen -r @ >| /root/sshfp
 ###########################################################################################
@@ -95,14 +97,17 @@ if command -v ssh-keygen >/dev/null 2>&1; then
 for _key in /etc/ssh/ssh_host_*key; do
- ssh-keygen -lf "${_key}" >/dev/null || exit 1
- ssh-keygen -yf "${_key}" >/dev/null || exit 1
+ ### Only consider regular files
+ [[ -f "${_key}" ]] || continue
+
+ ssh-keygen -lf "${_key}" >/dev/null || exit 42
+ ssh-keygen -yf "${_key}" >/dev/null || exit 42
 done
 fi
-/usr/sbin/sshd -t || exit 1
+/usr/sbin/sshd -t || exit 42
 eval "${_old_nullglob}" 2>/dev/null || true
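Review bot: The added `[[ -f "${_key}" ]] || continue` skips silently, so a host key that is missing, or present only as a dangling symlink, leaves no trace in the build log; with nullglob off, an unmatched pattern used to make `ssh-keygen -lf` exit non-zero here, and now only the later `/usr/sbin/sshd -t` stands between that and a passing build. Log the skip, `[[ -f "${_key}" ]] || { printf 'skipping non-regular host key: %s\n' "${_key}" >&2; continue; }`, and consider counting validated keys with `(( _checked > 0 )) || exit 42` after `done`. The literal `exit 42` now appears three times in this hunk; a `readonly` constant with a one-line comment stating what the code means would keep them in step. The `if command -v ssh-keygen` that encloses the loop opens outside the hunk.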