diff --git a/.ssh/ephemeral_sshd/README.md b/.ssh/ephemeral_sshd/README.md
new file mode 100644
index 0000000..d445173
--- /dev/null
+++ b/.ssh/ephemeral_sshd/README.md
@@ -0,0 +1,9 @@
+User-local SSH server.
+
+Remember to populate `authorized_keys`.
+
+```shell
+cd ~/.ssh/ephemeral_sshd/
+ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ''
+/usr/sbin/sshd -f sshd_config -D
+```
diff --git a/.ssh/ephemeral_sshd/sshd_config b/.ssh/ephemeral_sshd/sshd_config
new file mode 100644
index 0000000..1e9debe
--- /dev/null
+++ b/.ssh/ephemeral_sshd/sshd_config
@@ -0,0 +1,15 @@
+Port 2222
+ListenAddress localhost
+
+# Point to our generated host keys
+HostKey ~/.ssh/ephemeral_sshd/ssh_host_ed25519_key
+
+# Use standard public key authentication
+AuthorizedKeysFile ~/.ssh/ephemeral_sshd/authorized_keys
+
+UsePAM no
+PidFile ~/.ssh/ephemeral_sshd/sshd.pid
+
+# Disable less secure authentication methods
+PasswordAuthentication no
+ChallengeResponseAuthentication no