diff --git a/manifests/init.pp b/manifests/init.pp
index a3fc66e..c789b14 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,6 @@
 # == Class: ssh
 #
-class ssh {
+class ssh ($trusted_ssh_source = 'puppetmaster.openstack.org') {
     include ssh::params
     package { $::ssh::params::package_name:
       ensure => present,
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index b55fd2f..4e7a512 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -86,5 +86,5 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
 UsePAM yes
 
 # allow ansible connections from puppetmaster host
-Match host puppetmaster.openstack.org
+Match host <%= @trusted_ssh_source %>
     PermitRootLogin without-password