diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 4dbb57864..54f2afe98 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -43,14 +43,17 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 ptrace (read,trace) peer=unconfined,
+ network inet stream,
+ network inet6 stream,
+ @{exec_path} mrix,
 /{usr/,}bin/{,b,d,rb}ash rUx,
 /{usr/,}bin/{c,k,tc,z}sh rUx,
 /{usr/,}{s,}bin/nologin rPx,
- /{usr/,}bin/false rix,
 /{usr/,}bin/passwd rPx,
 /{usr/,}lib/openssh/sftp-server rPx,
+ /{usr/,}bin/false rix,
 /etc/default/locale r,
 /etc/environment r,
@@ -73,7 +76,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 @{run}/motd.dynamic.new rw,
 @{run}/resolvconf/resolv.conf r,
 @{run}/systemd/sessions/[0-9]*.ref rw,
- @{run}/systemd/userdb/ r,
+ @{run}/systemd/notify w,
 @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw,
 @{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-c[0-9]*.scope/ rw,
@@ -87,11 +90,10 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 @{PROC}/@{pids}/fd/ r,
 @{PROC}/1/environ r,
 @{PROC}/cmdline r,
- @{PROC}/cmdline r,
 @{PROC}/filesystems r,
 @{PROC}/sys/kernel/ngroups_max r,
 /dev/ptmx rw,
 include if exists
-}
\ No newline at end of file
+}
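Review bot: The new `network inet stream,` and `network inet6 stream,` rules in the first hunk carry no comment, so a later reader of the profile cannot tell which sshd activity they were added for (the listening socket, accepted client connections, or TCP forwarding on behalf of sessions) and therefore cannot judge whether they could be narrowed if finer-grained network rules become available. I would add a one-line comment above them, e.g. `# TCP listener and accepted client connections (v4 and v6); review if forwarding is disabled`, adjusting the wording to whatever denial actually motivated the change. The relocation of `/{usr/,}bin/false rix,` below the sftp-server rule is a pure reorder and does not change the policy. The hunk is a slice of the `profile sshd` block, whose start and end lie outside it.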
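Review bot: In the second hunk the removal of `@{run}/systemd/userdb/ r,` is bundled with the unrelated addition of `@{run}/systemd/notify w,`, and nothing in the diff explains why the read access is dropped; as far as I can tell that directory is what nss-systemd enumerates when resolving users, so on hosts with systemd-managed users the removal may surface again as a DENIED audit event at login rather than as an obvious failure. If the rule was removed because the access was never observed, it is worth saying so in the commit message; otherwise keep `@{run}/systemd/userdb/ r,` next to the new notify rule. The notify rule itself looks right as written, since `w` on the socket path is the minimal mode for a datagram send to it. The enclosing `profile sshd` block starts and ends outside this hunk.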