diff --git a/spoke/setup-spoke.sh b/spoke/setup-spoke.sh
index b76fa59..88aeda1 100644
--- a/spoke/setup-spoke.sh
+++ b/spoke/setup-spoke.sh
@@ -123,10 +123,12 @@ else
     warn "Could not enable SSH service — please start it manually."
 fi
 
+SSHD_CONF="/etc/ssh/sshd_config"
+
 header "Password Authentication"
 read -rp "Disable password auth for $SPOKE_USER and use keys only? [Y/n]: " DISABLE_PASS
-DISABLE_PASS="${{DISABLE_PASS:-y}}"
-if [[ "${{DISABLE_PASS,,}}" == "y" ]]; then
+DISABLE_PASS="${DISABLE_PASS:-y}"
+if [[ "${DISABLE_PASS,,}" == "y" ]]; then
     if [ ! -s "$SSH_DIR/authorized_keys" ]; then
         warn "No keys found in $SSH_DIR/authorized_keys — skipping password auth disable to avoid lockout."
     else