diff --git a/checks/backups/flake-module.nix b/checks/backups/flake-module.nix
index a48a3bd21..1476dc1d7 100644
--- a/checks/backups/flake-module.nix
+++ b/checks/backups/flake-module.nix
@@ -24,7 +24,6 @@
       imports = [
         self.clanModules.borgbackup
         self.clanModules.localbackup
-        self.clanModules.sshd
       ];
       clan.core.networking.targetHost = "machine";
       networking.hostName = "machine";
@@ -36,6 +35,16 @@
         machine.publicKey = builtins.readFile ../lib/ssh/pubkey;
       };
 
+      services.openssh = {
+        enable = true;
+        hostKeys = [
+          {
+            path = "/root/.ssh/id_ed25519";
+            type = "ed25519";
+          }
+        ];
+      };
+
       users.users.root.openssh.authorizedKeys.keyFiles = [ ../lib/ssh/pubkey ];
       systemd.tmpfiles.settings."vmsecrets" = {
@@ -69,6 +78,8 @@
         };
       };
       clan.core.facts.secretStore = "vm";
+      # TODO: set this backend as well, once we have implemented it.
+      #clan.core.vars.settings.secretStore = "vm";
       environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
       environment.etc.install-closure.source = "${closureInfo}/store-paths";
diff --git a/sops/machines/test-backup/key.json b/sops/machines/test-backup/key.json
new file mode 100755
index 000000000..a58accffa
--- /dev/null
+++ b/sops/machines/test-backup/key.json
@@ -0,0 +1,4 @@
+{
+  "publickey": "age1ez6xlcxl5k2uekcjvsu5wjca29f0j3lml0kq8fnvnkugvnj4pyjsyzuc93",
+  "type": "age"
+}
\ No newline at end of file
diff --git a/sops/secrets/test-backup-age.key/secret b/sops/secrets/test-backup-age.key/secret
new file mode 100644
index 000000000..b57f62f6a
--- /dev/null
+++ b/sops/secrets/test-backup-age.key/secret
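Review bot: In the second hunk the sshd host key is configured at `/root/.ssh/id_ed25519`, which is the conventional filename for root's own client identity rather than a host key, so a reader (and root's ssh client) will mistake it for a user key. If the test deliberately deploys the host key there through the vm secret store, a comment on the `hostKeys` entry would help, e.g. `# host key is provisioned at this path by the vm secret store (see systemd.tmpfiles below)`; otherwise the NixOS default location `/etc/ssh/ssh_host_ed25519_key` would be clearer. NixOS also generates a fresh key at a missing `hostKeys` path when sshd starts, so if the secret is not deployed the committed `ssh.id_ed25519.pub` value would silently stop matching the running host key — this is inferred from NixOS behaviour, not visible in the hunk. The third hunk leaves `#clan.core.vars.settings.secretStore = "vm";` as commented-out code; the TODO line above it already records the intent, so the commented assignment could be dropped. The enclosing machine definition starts and ends outside these hunks.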
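Review bot: `sops/machines/test-backup/key.json` is added with mode 100755 while every other regular file in this commit is 100644; a JSON file holding a public key has no reason to be executable, and clearing the bit before committing keeps the permissions consistent with the rest of the commit. The file is also committed without a trailing newline.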
@@ -0,0 +1,20 @@
+{
+  "data": "ENC[AES256_GCM,data:4Rx8J1mQjaJTmpN5ZBWWKBdObgjd4qjuEWkmXHHWeBUPi0nvYL00vFmdu2LeJYEmZaEP4urEGe9TlACB8JoC6ahI9iuXCWnzzA4=,iv:wOWFcNDU8+ur8sZRxlMr+TlzZmbsvE5o/FfXnINBmag=,tag:jHf+rpnSca9T0ntN93wSaw==,type:str]",
+  "sops": {
+    "kms": null,
+    "gcp_kms": null,
+    "azure_kv": null,
+    "hc_vault": null,
+    "age": [
+      {
+        "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNE9nbmpoanhERGxuVUFL\ndnFPaVI1eXNqNENjeHVNV0Z0Rmx6NDJXNWtFCjdlOXhiU3hTRWRWVjJGMXpUTGtE\naUd5VUNUc2RML29ZSkJYWEd0VnJOc1UKLS0tIG9FdlNsMk5ETmRzaGEzRmN4allC\ncUMzd2N3dW03N0VvWit1eE9OVVRFcWsKzocpuGOlf3kYxbUDvVHP7G27G5n8vWFg\n5Jjf4qaW+ioXpqD0moHVVygbXXB6zkfrJraMaC9Sccdl8eLJNWuE0g==\n-----END AGE ENCRYPTED FILE-----\n"
+      }
+    ],
+    "lastmodified": "2024-11-14T16:33:56Z",
+    "mac": "ENC[AES256_GCM,data:7G6svIuQrI2O5JZ3thNH6om8n3sdoTukfRQqOZ5/x28/BuVyfybsPP2So5MPlT4/OGPvhBGVWhHZ9W201zXOrzAI5T+bR2uX6VDeISRMscniVehnuAwipwCSqkBYO+FfvGjMSh8/kyF20PJR/Ta28qTcO7FKph2BgcOjhl1A0dM=,iv:BpqQT+rRk5mdCLY0dMoKyevhkJZ/dczeQPVSn+qzA9I=,tag:/gxOqChMYz4M65Z1SIcMsg==,type:str]",
+    "pgp": null,
+    "unencrypted_suffix": "_unencrypted",
+    "version": "3.9.1"
+  }
+}
\ No newline at end of file
diff --git a/vars/per-machine/test-backup/openssh/ssh.id_ed25519.pub/value b/vars/per-machine/test-backup/openssh/ssh.id_ed25519.pub/value
new file mode 100644
index 000000000..5fbd460d6
--- /dev/null
+++ b/vars/per-machine/test-backup/openssh/ssh.id_ed25519.pub/value
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnWhu8zt/mD+TlIKr8Req4c+BCgqYuDOcZfmzj6kflF nixbld@turingmachine
diff --git a/vars/per-machine/test-backup/openssh/ssh.id_ed25519/machines/test-backup b/vars/per-machine/test-backup/openssh/ssh.id_ed25519/machines/test-backup
new file mode 120000
index 000000000..152c24e38
--- /dev/null
+++ b/vars/per-machine/test-backup/openssh/ssh.id_ed25519/machines/test-backup
@@ -0,0 +1 @@
+../../../../../../sops/machines/test-backup
\ No newline at end of file
diff --git a/vars/per-machine/test-backup/openssh/ssh.id_ed25519/secret b/vars/per-machine/test-backup/openssh/ssh.id_ed25519/secret
new file mode 100644
index 000000000..74f17e533
--- /dev/null
+++ b/vars/per-machine/test-backup/openssh/ssh.id_ed25519/secret
@@ -0,0 +1,24 @@
+{
+  "data": "ENC[AES256_GCM,data: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,iv:YWZDzxpnrkTOmDJ/+0iO55dtbvX+UjqGctDduF3c1Sk=,tag:Q7e/9+0ClQn5bCGxoW+lOQ==,type:str]",
+  "sops": {
+    "kms": null,
+    "gcp_kms": null,
+    "azure_kv": null,
+    "hc_vault": null,
+    "age": [
+      {
+        "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQY1AzdmJGWitIYWlEUVM2\nTkRNeVZRYXg5SXRqdlRSOG9NaE8wNTZrU1FBCkRPOGE0bEZsMHdCSUdXQVE1UmVT\nMk9ZSHNZY0FXRG5WQVFaLzY3Ry9GeVEKLS0tIENHM09SWUJqMFJZbjBzdmp4eXlo\nNGJ2QWZaR1NiKzNVQXRVUnJSc2JycG8K9czRLJeCJp8vmPUY339x8Lvux3WDbrdJ\nbp7ynECENrgyP+5CdxopUQMGWptdjTYVho3nKv5NL+rjUZkfagV8HA==\n-----END AGE ENCRYPTED FILE-----\n"
+      },
+      {
+        "recipient": "age1ez6xlcxl5k2uekcjvsu5wjca29f0j3lml0kq8fnvnkugvnj4pyjsyzuc93",
+        "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4QVRianYxZ01QWEFSckdl\nd0taZlBWbTlkZHVmd2RXdmxYUjV3K3hHNzBJClMyQktNNWYrQTZkY09GL2dmYkRp\nOGl4WG85OHgxUWdDZVV3R1lDdjRZK2MKLS0tIHN3Ykk0OXA2c0o0a0RkTTZoZHZU\nTWJac09PM1J6clk2bDZxQVFyc29KbG8KZjHj109+FTmldFcdbLEGwSULWt3fLDXf\nYkeWVRa0rB2OtDxLrE6eq4QC1uGZ7KyCwAVqcMyriRMkje3121FBTQ==\n-----END AGE ENCRYPTED FILE-----\n"
+      }
+    ],
+    "lastmodified": "2024-11-14T16:33:58Z",
+    "mac": "ENC[AES256_GCM,data:vWP3TwsjWwWg+gByhdcGVRR08jnH+AS8cOiuNic8AN2ozGZMP0C6mc5EER44wZiGeBWPdoTjqv9tQld4Gc5sWKuZ6QziNIqV/4WBwLwOTRmpVkJNpivJpCTdVyzQKv43xVk/e/ED8wTG6X9M83IGhMX6tUw9XxbCuJiZw61N/6Q=,iv:PTiwi9l16uKGQtNWXovA0Gjzg45O+T75BPT35gOzZLM=,tag:3AXwu/Va7yMsYlpd9Ss6hw==,type:str]",
+    "pgp": null,
+    "unencrypted_suffix": "_unencrypted",
+    "version": "3.9.1"
+  }
+}
\ No newline at end of file
diff --git a/vars/per-machine/test-backup/ssh.id_ed25519.pub/value b/vars/per-machine/test-backup/ssh.id_ed25519.pub/value
deleted file mode 100644
index a23c24019..000000000
--- a/vars/per-machine/test-backup/ssh.id_ed25519.pub/value
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILns3iEVA7MaN+K8qVRFywVOjBZsGyfRuBl26nGL/tXe nixbld@turingmachine