diff --git a/flake.lock b/flake.lock
index 0eba900..17e972d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
         "poetry2nix": "poetry2nix"
       },
       "locked": {
-        "lastModified": 1729693771,
-        "narHash": "sha256-1T5dV6I6uYMuzkmEsPEn/sRITgqwP6EXb+Ba6pa5hXM=",
+        "lastModified": 1729795590,
+        "narHash": "sha256-XB4a0olzSe9OLTRlnPl1M4OP/b/qyPEsEyI/mqAlw+o=",
         "ref": "refs/heads/main",
-        "rev": "9686de97ad0b3b6c3305e7fbc98c3607adf1278a",
-        "revCount": 30,
+        "rev": "27db969b2a2483b715c4291223b1e7961ca0f938",
+        "revCount": 33,
         "type": "git",
         "url": "file:vendor/davids-dotfiles-private"
       },
diff --git a/modules/home/default/default.nix b/modules/home/default/default.nix
index a9a3da9..60eedde 100644
--- a/modules/home/default/default.nix
+++ b/modules/home/default/default.nix
@@ -97,6 +97,14 @@ in {
       };
     })
   ] ++ (lib.optionals hostPlatform.isDarwin [ ./darwin ]);
+  options = {
+    davids.ssh.enable = mkEnableOption "SSH goodies";
+    davids.ssh.knownHostsLines = with types; mkOption {
+      description = "Managed known_host file lines";
+      type = lines;
+      default = "";
+    };
+  };
   config = {
     home = {
       packages = lists.flatten [ adm av net files dev nix ];
@@ -107,6 +115,9 @@ in {
         EDITOR = "vim";
         LANG = "en_US.UTF-8";
       };
+      file.".ssh/davids.known_hosts" = mkIf config.davids.ssh.enable {
+        text = config.davids.ssh.knownHostsLines;
+      };
     };
     programs = {
       vim = {
@@ -133,10 +144,13 @@ in {
         nix-direnv.enable = true;
       };
 
-      ssh = {
+      ssh = mkIf config.davids.ssh.enable {
         enable = true;
         # Unmanaged local overrides
         includes = [ "~/.local/share/ssh/config" ];
+
+        # default ~/.ssh/known_hosts is unmanaged. ~/.ssh/davids.known_hosts is managed by this module
+        userKnownHostsFile = "~/.ssh/known_hosts ~/.ssh/davids.known_hosts";
       };
 
       bash = {
diff --git a/users/davidszakallas/default.nix b/users/davidszakallas/default.nix
index cc5badd..84d3c07 100644
--- a/users/davidszakallas/default.nix
+++ b/users/davidszakallas/default.nix
@@ -29,5 +29,6 @@
     davids.k8stools.enable = true;
     davids.emacs.enable = true;
     davids.jupiter.enable = true;
+    davids.ssh.enable = true;
   };
 }
diff --git a/users/dszakallas/default.nix b/users/dszakallas/default.nix
index 2cf085c..19ce267 100644
--- a/users/dszakallas/default.nix
+++ b/users/dszakallas/default.nix
@@ -30,5 +30,6 @@
     davids.k8stools.enable = true;
     davids.emacs.enable = true;
     davids.pure.enable = true;
+    davids.ssh.enable = true;
   };
 }
diff --git a/vendor/davids-dotfiles-private b/vendor/davids-dotfiles-private
index 9686de9..27db969 160000
--- a/vendor/davids-dotfiles-private
+++ b/vendor/davids-dotfiles-private
@@ -1 +1 @@
-Subproject commit 9686de97ad0b3b6c3305e7fbc98c3607adf1278a
+Subproject commit 27db969b2a2483b715c4291223b1e7961ca0f938