diff --git a/manifests/init.pp b/manifests/init.pp
index 6f1c8d1..d15bcad 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,7 @@
 # == Class: ssh
 #
 class ssh (
+    $trusted_ssh_type = 'host',
     $trusted_ssh_source = 'puppetmaster.openstack.org',
     $permit_root_login = 'no',
 ) {
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 4592a86..2ed0efe 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -86,7 +86,7 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
 UsePAM yes
 
 # allow ansible connections from puppetmaster host
-Match host <%= @trusted_ssh_source %>
+Match <%= @trusted_ssh_type %> <%= @trusted_ssh_source %>
     PermitRootLogin without-password
 # allow ansible connections from localhost
 Match host localhost