diff --git a/debian/debian-secure.sh b/debian/debian-secure.sh
index 6596185..067306e 100644
--- a/debian/debian-secure.sh
+++ b/debian/debian-secure.sh
@@ -26,6 +26,7 @@ Address = $WG_SUBNET::1/64
 PublicKey = $WIREGUARD_PUBKEY
 AllowedIPs = $WG_SUBNET::2/128
 EOF
+chmod -R 700 /etc/wireguard
 
 systemctl enable --now wg-quick@vmh-ssh-vpn
 
@@ -33,6 +34,8 @@ systemctl enable --now wg-quick@vmh-ssh-vpn
 echo "Configuring ssh..."
 mkdir /home/$USERNAME/.ssh
 echo $MY_SSH_KEY > /home/$USERNAME/.ssh/authorized_keys
+chmod 600 /home/$USERNAME/.ssh/authorized_keys
+chmod 700 /home/$USERNAME/.ssh
 
 cat <<EOF > /etc/ssh/sshd_config.d/10-vmh_ssh.conf
 X11Forwarding no
@@ -56,6 +59,7 @@ echo "Configuring sudo..."
 cat <<EOF > /etc/sudoers.d/99-vmh-newuser
 $USERNAME    ALL=(ALL:ALL)   NOPASSWD:ALL
 EOF
+chmod 440 /etc/sudoers.d/99-vmh-newuser
 
 echo
 echo "BEFORE DISCONNECTING, FOLLOW THE FOLLOWING STEPS"