diff --git a/_machines/ares.yml b/_machines/ares.yml
index ef313cf..ba9068a 100644
--- a/_machines/ares.yml
+++ b/_machines/ares.yml
@@ -13,6 +13,7 @@ users:
   mail: hannes@hkoerber.de
   git_gpg_sign: false
   gpg_agent: true
+  gpg_agent_for_ssh: true
   gpg_keys:
     master_key: "0xB5C002530C6A2053"
   environment:
diff --git a/_machines/tb-hak.yml b/_machines/tb-hak.yml
index b045d42..d3d09c6 100644
--- a/_machines/tb-hak.yml
+++ b/_machines/tb-hak.yml
@@ -12,6 +12,7 @@ users:
   mail: hannes.koerber@tradebyte.com
   git_gpg_sign: false
   gpg_agent: false
+  gpg_agent_for_ssh: false
   environment:
     MACHINE_HAS_NEXTCLOUD: "false"
 - name: hannes-private
@@ -20,6 +21,7 @@ users:
   mail: hannes@hkoerber.de
   git_gpg_sign: false
   gpg_agent: true
+  gpg_agent_for_ssh: true
   gpg_keys:
     master_key: "0xB5C002530C6A2053"
   environment:
diff --git a/dotfiles.yml b/dotfiles.yml
index 028e88c..a53e912 100644
--- a/dotfiles.yml
+++ b/dotfiles.yml
@@ -14,6 +14,7 @@ dotfiles:
     to: .gnupg/dirmngr.conf
   - from: gnupg/gpg-agent.conf
     to: .gnupg/gpg-agent.conf
+    template: true
   - from: gnupg/gpg.conf
     to: .gnupg/gpg.conf
     template: true
diff --git a/gnupg/gpg-agent.conf b/gnupg/gpg-agent.conf.j2
similarity index 79%
rename from gnupg/gpg-agent.conf
rename to gnupg/gpg-agent.conf.j2
index b9c35df..fb4cf31 100644
--- a/gnupg/gpg-agent.conf
+++ b/gnupg/gpg-agent.conf.j2
@@ -4,6 +4,8 @@ default-cache-ttl-ssh 60480000
 max-cache-ttl 34560000
 max-cache-ttl-ssh 34560000
 
+{% if user.gpg_agent_for_ssh %}
 enable-ssh-support
+{% endif %}
 
 pinentry-program /usr/bin/pinentry-qt