Index: scripts/lockdown.sh
===================================================================
diff -u -r26d16005a23c70c0995584f7ae4364fa2d75add0 -rff95c34e6cc28ec8de8f81854ea9f4369afa9c7f
--- scripts/lockdown.sh (.../lockdown.sh) (revision 26d16005a23c70c0995584f7ae4364fa2d75add0)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision ff95c34e6cc28ec8de8f81854ea9f4369afa9c7f)
@@ -53,6 +53,10 @@
 denali ALL=(root) NOPASSWD: /bin/mkdir *
 denali ALL=(root) NOPASSWD: /usr/sbin/cryptsetup *
 denali ALL=(root) NOPASSWD: /sbin/mkfs.ext4 *
+denali ALL=(root) NOPASSWD: /bin/systemctl start sshd.socket
+denali ALL=(root) NOPASSWD: /bin/systemctl stop sshd.socket
+denali ALL=(root) NOPASSWD: /bin/systemctl disable sshd.socket
+denali ALL=(root) NOPASSWD: /bin/systemctl status sshd.socket
 "
 CONTENT_IPTABLES="
@@ -139,8 +143,8 @@
 chown -R root.denali ${fileTarget}
 chmod -R g+rw ${fileTarget}
- # Restart service on remote.
- systemctl restart system-sshd.slice
+ # Disable the ssh service by defalut and will be enalbed when needed.
+ systemctl disable sshd.socket
 }
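Review bot: The `systemctl status sshd.socket` rule added in the first hunk lets denali run, as root and without a password, a command that opens a pager when attached to a terminal, and a pager running as root is a well-known way out of a restricted sudo rule. Grant a non-paging form instead, for example `denali ALL=(root) NOPASSWD: /bin/systemctl --no-pager status sshd.socket`, and update the caller to invoke exactly that command line. Alternatively drop the rule, since `systemctl status` and `systemctl is-active` normally work without root. The sudoers string these lines belong to starts outside the hunk, so any `Defaults` that already restrict the pager are not visible here.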
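Review bot: `systemctl disable sshd.socket` in the second hunk only removes the boot-time enablement, so a socket that is already listening stays open until the next reboot. If SSH is meant to be unreachable as soon as lockdown finishes, use `systemctl disable --now sshd.socket`. The hunk also does not show whether a separately enabled `sshd.service` exists on the target; if it does, disabling the socket alone leaves SSH on, so that is worth confirming. The new comment has typos; suggested wording: `# Disable the ssh service by default; it is enabled when needed.` The enclosing function starts outside the hunk.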