diff --git a/hosts/common/programs/ssh.nix b/hosts/common/programs/ssh.nix
index 47ae6d2e3..f88f5faa7 100644
--- a/hosts/common/programs/ssh.nix
+++ b/hosts/common/programs/ssh.nix
@@ -38,6 +38,7 @@ in
 sane.programs.ssh-add = {
 packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.openssh "ssh-add";
+ sandbox.autodetectCliPaths = "existing";
 sandbox.extraHomePaths = [ ".ssh/id_ed25519" ];
@@ -61,5 +62,31 @@ in
 # the `bunpen` and `bwrap` user namespace sandboxes map root -> nobody, so openssh fails the check.
 # by avoiding the include, we hack around this limitation.
 systemd-ssh-proxy.enable = false;
+ extraConfig = let
+ SSH_EXTRA_KNOWN_HOSTS = pkgs.writeCBin "print-SSH_EXTRA_KNOWN_HOSTS" ''
+ #define _GNU_SOURCE
+ #include
+ #include
+ int main (int argc, char **argv) {
+ for (char **env = environ; *env; ++env) {
+ char *ep = *env;
+ char *ap = "SSH_EXTRA_KNOWN_HOSTS";
+ while (*ep != '\0' && *ap != '\0' && *ep++ == *ap++) {
+ if (*ep == '=' && *ap == '\0') {
+ printf ("%s\n", ep + 1);
+ }
+ }
+ }
+ return 0;
+ }
+ '';
+ in ''
+ # allow injecting ephemeral known_hosts by setting/appending this env var
+ # e.g. `SSH_EXTRA_KNOWN_HOSTS="$(ssh-keyscan FOO)" ssh FOO`
+ # XXX: this is done in system-wide ssh config because otherwise user-namespaced ssh complains about
+ # ~/.ssh/config being owned by the wrong user.
+ # it's a custom binary instead of `printenv SSH_EXTRA_KNOWN_HOSTS` so as to make the env var optional.
+ KnownHostsCommand ${lib.getExe SSH_EXTRA_KNOWN_HOSTS}
+ '';
 };
 }
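Review bot: The comment block above `KnownHostsCommand` should say that whatever this helper prints is trusted exactly like a known_hosts entry, so the quoted example `SSH_EXTRA_KNOWN_HOSTS="$(ssh-keyscan FOO)" ssh FOO` pins whichever key the network hands back at that moment (trust-on-first-use against the live network) and only protects against MITM when the key text was obtained out-of-band. Since this lands in the system-wide ssh_config, every ssh/scp/git-over-ssh invocation on the host that inherits the variable honours it, so I'd add `# NOTE: keys printed here are trusted unconditionally; set this only with a fingerprint verified out-of-band, and unset it afterwards — it is inherited by child processes`. The hand-rolled prefix walk in `main` looks correct as far as I can trace it (the `*ep == '=' && *ap == '\0'` test forces an exact-name match), but `const char *v = getenv("SSH_EXTRA_KNOWN_HOSTS"); if (v) printf("%s\n", v); return 0;` with `#include <stdlib.h>` does the same with no `environ`/`_GNU_SOURCE` dependency and nothing for a reader to verify by hand. As rendered here the two `#include` lines carry no header name; if that is not merely a display artifact, `printf` and `environ` are undeclared and the helper will not build. The enclosing attribute set starts before this hunk.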