diff --git a/hosts/common/programs/sane-private-unlock-remote.nix b/hosts/common/programs/sane-private-unlock-remote.nix
index c116bf624..5b13f510f 100644
--- a/hosts/common/programs/sane-private-unlock-remote.nix
+++ b/hosts/common/programs/sane-private-unlock-remote.nix
@@ -8,12 +8,12 @@ in
     sandbox.net = "all";
     sandbox.extraHomePaths = [
       ".config/sops"
-      ".ssh/id_ed25519"
-      ".ssh/id_ed25519.pub"
       "knowledge/secrets"
     ];
+    sandbox.whitelistSsh = true;
     suggestedPrograms = [
       "sane-scripts.secrets-dump"
+      "ssh"
     ];
 
     configOption = with lib; mkOption {