diff --git a/home-manager/machines/candlekeep.nix b/home-manager/machines/candlekeep.nix
index d0b0524..efa9e32 100644
--- a/home-manager/machines/candlekeep.nix
+++ b/home-manager/machines/candlekeep.nix
@@ -23,6 +23,7 @@
     ../modules/common-gui.nix
     ../modules/linux-gui.nix
     ../modules/devenv.nix
+    ../modules/ssh.nix
   ];
 
   nixpkgs = {
diff --git a/home-manager/machines/grymforge.nix b/home-manager/machines/grymforge.nix
index a14c6ac..4346e7a 100644
--- a/home-manager/machines/grymforge.nix
+++ b/home-manager/machines/grymforge.nix
@@ -24,6 +24,7 @@
     ../modules/linux-gui.nix
     ../modules/devenv.nix
     ../modules/gh-dash.nix
+    ../modules/ssh.nix
   ];
 
   nixpkgs = {
diff --git a/home-manager/modules/ssh.nix b/home-manager/modules/ssh.nix
new file mode 100644
index 0000000..96e76cb
--- /dev/null
+++ b/home-manager/modules/ssh.nix
@@ -0,0 +1,52 @@
+# A modern replacement for 'ls'.
+{...}: {
+  programs.ssh = {
+    enable = true;
+    hashKnownHosts = true;
+    matchBlocks = {
+      "router" = {
+        hostname = "router.local.gwg313.xyz";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "github.com" = {
+        hostname = "github.com";
+        identityFile = "/home/gwg313/.ssh/github/id_ed25519";
+      };
+      "candlekeep" = {
+        hostname = "candlekeep.local.gwg313.xyz";
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "candlekeep.zt" = {
+        hostname = "candlekeep.zt"; # added to hosts in zerotier config
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "grymforge" = {
+        hostname = "grymforge.local.gwg313.xyz";
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "grymforge.zt" = {
+        hostname = "grymforge.zt"; # added to hosts in zerotier config
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "bytebastion1" = {
+        hostname = "bytebastion1.local.gwg313.xyz";
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "bytebastion2" = {
+        hostname = "bytebastion2.local.gwg313.xyz";
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+      "bytebastion3" = {
+        hostname = "bytebastion3.local.gwg313.xyz";
+        user = "gwg313";
+        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
+      };
+    };
+  };
+}