diff --git a/setup.sh b/setup.sh
index 38e81b6..9b3eacf 100644
--- a/setup.sh
+++ b/setup.sh
@@ -30,6 +30,8 @@ add_users() {
   echo "Adding users"
   useradd -U -G sudo,lpadmin -m -s /bin/bash $user
   chmod 700 /home/$user
+  echo "Let's define a password for $user as we are about to run sudo with it. It can of course be changed after setup."
+  passwd $user
   usermod -a -G lp saned
 }
 
@@ -39,12 +41,12 @@ get_sync() {
   sudo -H -u $user git clone https://gitea.kto.black/adminconf/printscan-server.git \
     $sync_directory_path/printscan-server
   sudo -H -u $user git clone https://gitea.kto.black/adminconf/rcs-general.git $sync_directory_path/rcs-general
-  sudo -H -u $user $sync_directoyy_path/rcs-general/install.sh
+  sudo -H -u $user $sync_directory_path/rcs-general/install.sh
   sudo -H -u $user git clone https://gitea.kto.black/adminconf/conf-sync.git $sync_directory_path/conf-sync
   sudo -H -u $user cp $sync_directory_path/conf-sync/variables.conf.template \
     $sync_directory_path/conf-sync/variables.conf
   sudo -H -u $user sed -i -e "s/\"desktop\"/\"server\"/g" $sync_directory_path/conf-sync/variables.conf
-  sudo -H -u $user $sync_directoyy_path/conf-sync/install.sh
+  sudo -H -u $user $sync_directory_path/conf-sync/install.sh
 }
 
 set_cups_conf() {
@@ -64,6 +66,12 @@ ssh_pubkey() {
   sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
 }
 
+set_sshd_conf() {
+  echo "Editing OpenSSH daemon config..."
+  sed -i -e "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
+  sed -i -e "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
+}
+
 install_scanservjs() {
   echo "Installing scanservjs directly from GitHub..."
   curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/packages/server/installer.sh | bash -s -- -a
@@ -123,6 +131,7 @@ get_conf
 set_cups_conf
 set_sane_conf
 ssh_pubkey
+set_sshd_conf
 install_scanservjs
 tls_cert
 set_apache
@@ -130,15 +139,11 @@ set_apache
 echo ""
 echo "We're all good here!"
 echo "You should now:"
-echo "* set $user's password"
 echo "* lock root account"
 echo "* reboot the SBC"
 echo "And perhaps:"
+echo "* set a new password for $user"
 echo "* connect to http://$hostname:631/ and add a printer"
 echo "* set htop at your convenience"
 echo "* remove password for sudo" # TODO we should automate that, with a flag
-echo "* use below commands to edit SSH config:"
-echo "    sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config"
-echo "    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config"
-echo "* MIND THAT CONF-SYNC IS NOT SET"
 exit 0