diff --git a/build-analytics-backend-workspace.sh b/build-analytics-backend-workspace.sh
index c4193b9..94009dd 100644
--- a/build-analytics-backend-workspace.sh
+++ b/build-analytics-backend-workspace.sh
@@ -23,10 +23,9 @@ buildah run "$ctr" -- mkdir -p /"$SECURE"/ssh
 buildah copy "$ctr" ssh/config /"$SECURE"/ssh/config
 buildah copy "$ctr" ssh/ssh_blocker.sh /"$SECURE"/ssh/ssh_blocker.sh
 buildah run "$ctr" -- chmod 100 /"$SECURE"/ssh/ssh_blocker.sh
-buildah run "$ctr" -- chattr +i /"$SECURE"/ssh/ssh_blocker.sh
 buildah run "$ctr" -- chmod 000 /"$SECURE"/ssh/config
-buildah run "$ctr" -- chattr +i /"$SECURE"/ssh/config
 buildah run "$ctr" -- chown -R root:root ssh/config /"$SECURE"/ssh_blocker.sh
+buildah run "$ctr" -- chattr -R +i /"$SECURE"/ssh
 
 # Neovim config (immutable)
 buildah copy "$ctr" config/nvim /home/devuser/.config/nvim