diff --git a/configuration/upstart.nix b/configuration/upstart.nix
index ea1ce4a443f..583b93a3930 100644
--- a/configuration/upstart.nix
+++ b/configuration/upstart.nix
@@ -66,7 +66,7 @@ import ../upstart-jobs/gather.nix { # SSH daemon. ++ optional ["services" "sshd" "enable"] (import ../upstart-jobs/sshd.nix {
- inherit (pkgs) openssh;
+ inherit (pkgs) openssh glibc pwdutils;
 }) # X server.
diff --git a/helpers/accounts.sh b/helpers/accounts.sh
deleted file mode 100644
index 1e189c56e7f..00000000000
--- a/helpers/accounts.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-userExists() {
- local name="$1"
- if id -u "$name" > /dev/null 2>&1; then
- return 0 # true
- else
- return 1 # false
- fi
-}
-
-
-createUser() {
- local name="$1"
- local password="$2"
- local uid="$3"
- local gid="$4"
- local gecos="$5"
- local homedir="$6"
- local shell="$7"
- echo "$name:$password:$uid:$gid:$gecos:$homedir:$shell" >> /etc/passwd
-}
diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix
index 4aa35319a28..ad530a60fa4 100644
--- a/upstart-jobs/sshd.nix
+++ b/upstart-jobs/sshd.nix
@@ -1,4 +1,4 @@
-{openssh}:
+{openssh, glibc, pwdutils}:
 { name = "sshd";
@@ -10,8 +10,6 @@ start on network-interfaces/started stop on network-interfaces/stop start script
- source ${../helpers/accounts.sh}
- mkdir -m 0555 -p /var/empty mkdir -m 0755 -p /etc/ssh
@@ -20,10 +18,10 @@ start script ${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N '' fi
- if ! userExists sshd; then
- createUser sshd x 74 74 'SSH privilege separation user' /var/empty /noshell
+ if ! {glibc}/bin/getent passwd sshd > /dev/null; then
+ ${pwdutils}/sbin/useradd -g nogroup -d /var/empty -s /noshell \\ -c 'SSH privilege separation user' sshd
 fi
- end script respawn ${openssh}/sbin/sshd -D -h /etc/ssh/ssh_host_dsa_key -f ${./sshd_config}
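Review bot: In the last hunk of upstart-jobs/sshd.nix the new existence check reads `{glibc}/bin/getent` without the leading `$`, so Nix will not interpolate the store path and the shell is handed a literal `{glibc}/bin/getent`, which cannot be found. The `!` then makes the condition true on every start, so `useradd` runs even when the sshd account already exists; if the start script is run with errexit (not visible here), that failure would stop sshd from coming up. The line should be `if ! ${glibc}/bin/getent passwd sshd > /dev/null; then`. Separately, the privilege-separation account now joins the shared `nogroup` group with an auto-assigned uid instead of the dedicated 74/74 pair, so it shares a group with any other service placed there; a dedicated group, or a comment stating that sharing is intended, would keep the isolation explicit. The start script begins and ends outside this hunk, so whether `\\` yields a single line-continuation backslash depends on the enclosing Nix string quoting and is worth confirming.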