diff --git a/cmd/ussher/main.go b/cmd/ussher/main.go
new file mode 100644
index 0000000..50e8d8d
--- /dev/null
+++ b/cmd/ussher/main.go
@@ -0,0 +1,7 @@
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Println("vim-go")
+}
diff --git a/config.go b/config.go
new file mode 100644
index 0000000..41a1bae
--- /dev/null
+++ b/config.go
@@ -0,0 +1,24 @@
+package ussher
+
+import (
+	"io/ioutil"
+
+	"golang.org/x/crypto/ssh"
+)
+
+type Config struct {
+	HostKeyPath string
+	Keystore    Keystore
+}
+
+func (c *Config) GetPrivateKey() (ssh.Signer, error) {
+	bytes, err := ioutil.ReadFile(c.HostKeyPath)
+	if err != nil {
+		return nil, err
+	}
+	return ssh.ParsePrivateKey(bytes)
+}
+
+type Keystore interface {
+	CheckPublicKey(user string, key ssh.PublicKey) (*ssh.Permissions, error)
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..6c034cf
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module github.com/barakmich/ussher
+
+go 1.14
+
+require golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..8d6f332
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,8 @@
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/ssh_server.go b/ssh_server.go
new file mode 100644
index 0000000..b8b3040
--- /dev/null
+++ b/ssh_server.go
@@ -0,0 +1,17 @@
+package ussher
+
+import "golang.org/x/crypto/ssh"
+
+func RunSSHServer(config *Config) error {
+	sshConfig := &ssh.ServerConfig{
+		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
+			return config.Keystore.CheckPublicKey(conn.User(), key)
+		},
+	}
+
+	private, err := config.GetPrivateKey()
+	if err != nil {
+		return err
+	}
+	sshConfig.AddHostKey(private)
+}