diff --git a/flake.nix b/flake.nix index 58d64b70..2001f8c0 100644 --- a/flake.nix +++ b/flake.nix @@ -31,12 +31,12 @@ installer = { imports = [ ./installer.nix - ./hidden-announce.nix + ./hidden-ssh-announce.nix ]; }; hidden-announce = { imports = [ - ./hidden-announce.nix + ./hidden-ssh-announce.nix ]; }; }; diff --git a/hidden-announce.nix b/hidden-ssh-announce.nix similarity index 76% rename from hidden-announce.nix rename to hidden-ssh-announce.nix index bcb8e6c8..7fb6c5ba 100644 --- a/hidden-announce.nix +++ b/hidden-ssh-announce.nix @@ -3,11 +3,11 @@ , pkgs , ... }: { - options.hidden-announce = { - enable = lib.mkEnableOption "hidden-announce"; + options.hidden-ssh-announce = { + enable = lib.mkEnableOption "hidden-ssh-announce"; script = lib.mkOption { type = lib.types.package; - default = pkgs.writers.writeDash "test-output"; + default = pkgs.writers.writeDash "test-output" "echo $1"; description = '' script to run when the hidden tor service was started and they hostname is known. takes the hostname as $1 @@ -15,7 +15,8 @@ }; }; - config = lib.mkIf config.hidden-announce.enable { + config = lib.mkIf config.hidden-ssh-announce.enable { + services.openssh.enable = true; services.tor = { enable = true; relay.onionServices.hidden-ssh = { @@ -43,7 +44,7 @@ sleep 1 done - ${config.hidden-announce.script} "$(cat ${config.services.tor.settings.DataDirectory}/onion/hidden-ssh/hostname)" + ${config.hidden-ssh-announce.script} "$(cat ${config.services.tor.settings.DataDirectory}/onion/hidden-ssh/hostname)" ''; PrivateTmp = "true"; User = "tor"; diff --git a/installer.nix b/installer.nix index 73fb9131..b1aa8154 100644 --- a/installer.nix +++ b/installer.nix 
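Review bot: The rename of `options.hidden-announce` to `options.hidden-ssh-announce` in hidden-ssh-announce.nix leaves no alias for the old option path, so a configuration that still sets `hidden-announce.enable` or `hidden-announce.script` will stop evaluating. The flake.nix hunk also keeps exporting the module under the old name `hidden-announce`. If there are outside consumers, add `imports = [ (lib.mkRenamedOptionModule [ "hidden-announce" "enable" ] [ "hidden-ssh-announce" "enable" ]) ];` and the same for `script`, or rename the flake output to match. The new default script body would also be safer with its argument quoted, `''echo "$1"''`.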
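Review bot: `services.openssh.enable = true;` inside the `mkIf` block turns on sshd with the NixOS defaults, which listen on every address and open port 22 in the firewall, so the host is reachable over the local network as well as through the onion service. If the intent is SSH over Tor only, add `services.openssh.openFirewall = false;` or restrict `services.openssh.listenAddresses` to the loopback address the onion service forwards to. The `relay.onionServices.hidden-ssh` mapping is cut off at the hunk edge, so confirm that target there. A short comment on the line, such as `# sshd is only meant to be reached via the hidden service`, would record the intent.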
@@ -11,18 +11,27 @@
 ${pkgs.pwgen}/bin/pwgen -s 16 1 > /var/shared/root-password
 echo "root:$(cat /var/shared/root-password)" | chpasswd
 '';
- hidden-announce = {
+ hidden-ssh-announce = {
 enable = true;
 script = pkgs.writers.writeDash "write-hostname" ''
 mkdir -p /var/shared
 echo "$1" > /var/shared/onion-hostname
+ ${pkgs.jq}/bin/jq -nc \
+ --arg password "$(cat /var/shared/root-password)" \
+ --arg address "$(cat /var/shared/onion-hostname)" '{
+ password: $password, address: $address
+ }' > /var/shared/login.info
+ cat /var/shared/login.info |
+ ${pkgs.qrencode}/bin/qrencode -t utf8 > /var/shared/qrcode.utf8
+ cat /var/shared/login.info |
+ ${pkgs.qrencode}/bin/qrencode -t png > /var/shared/qrcode.png
 '';
 };
 services.getty.autologinUser = lib.mkForce "root";
 programs.bash.interactiveShellInit = ''
 if [ "$(tty)" = "/dev/tty1" ]; then
- until test -e /var/shared/onion-hostname; do sleep 1; done
- echo "ssh://root:$(cat /var/shared/root-password)@$(cat /var/shared/onion-hostname)"
+ until test -e /var/shared/qrcode.utf8; do sleep 1; done
+ cat /var/shared/qrcode.utf8
 fi
 '';
 formatConfigs.install-iso = {
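Review bot: The added `jq`/`qrencode` lines copy the root password into three more files under /var/shared (`login.info`, `qrcode.utf8`, `qrcode.png`) with whatever umask the announce script inherits, and the unit in hidden-ssh-announce.nix appears to run that script as `User = "tor"`. Start the script with `umask 077`, or `chmod 600` each file, unless another account is meant to read them, in which case a comment should say so. The permissions of /var/shared/root-password are set outside this hunk and deserve the same check, since the `tor` user has to read it. Separately, the `> /var/shared/qrcode.utf8` redirect creates the file before qrencode has written to it, so the tty1 loop's `test -e` can succeed on an empty file. Using `until test -s /var/shared/qrcode.utf8; do sleep 1; done`, or writing to a temporary name and renaming it into place, avoids that.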