diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent
index f6732b1cf..9fc2900b4 100644
--- a/apparmor.d/groups/ssh/ssh-agent
+++ b/apparmor.d/groups/ssh/ssh-agent
@@ -13,6 +13,7 @@ profile ssh-agent @{exec_path} {
 include
 signal receive set=term peer=cockpit-bridge,
+ signal receive set=term peer=cockpit-session,
 signal receive set=term peer=gnome-keyring-daemon,
 @{exec_path} mr,
diff --git a/apparmor.d/groups/ssh/ssh-keygen b/apparmor.d/groups/ssh/ssh-keygen
index b55824e58..1b6dd5e98 100644
--- a/apparmor.d/groups/ssh/ssh-keygen
+++ b/apparmor.d/groups/ssh/ssh-keygen
@@ -18,7 +18,8 @@ profile ssh-keygen @{exec_path} {
 /etc/ssh/moduli rw,
 /etc/ssh/ssh_host_*_key* rw,
- owner @{HOME}/@{XDG_SSH_DIR}/{,*} rw,
+ owner @{HOME}/@{XDG_SSH_DIR}/ rw,
+ owner @{HOME}/@{XDG_SSH_DIR}/* rwl -> @{HOME}/@{XDG_SSH_DIR}/*,
 owner /tmp/snapd@{int}/*_*{,.pub} w,
 owner /tmp/snapd@{int}/*.key{,.pub} w,
diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 63f2c1370..40cf0bca2 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -102,7 +102,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
 owner @{user_download_dirs}/{,**} rwl,
 owner @{user_sync_dirs}/{,**} rwl,
- @{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,
+ @{HOME}/@{XDG_SSH_DIR}/authorized_keys* r,
 owner @{user_cache_dirs}/{,motd*} rw,
 @{att}/@{run}/systemd/sessions/@{int}.ref rw,
diff --git a/apparmor.d/groups/ssh/sshfs b/apparmor.d/groups/ssh/sshfs
index 12e7d8930..ee6a2f903 100644
--- a/apparmor.d/groups/ssh/sshfs
+++ b/apparmor.d/groups/ssh/sshfs
@@ -18,7 +18,7 @@ profile sshfs @{exec_path} flags=(complain) {
 mount fstype=fuse.sshfs -> @{MOUNTS}/*/,
 mount fstype=fuse.sshfs -> @{MOUNTS}/*/*/,
- unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount",addr=none),
+ unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount"),
 @{exec_path} mr,
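Review bot: In the ssh-keygen hunk, the new `rwl -> @{HOME}/@{XDG_SSH_DIR}/*` rule lets any file in the user's SSH directory be hard-linked under any other name there, private keys and `authorized_keys` included, and nothing in the hunk records which operation needs the link permission. If it is only needed for the backup copy ssh-keygen makes when it rewrites known_hosts (an inference, not shown here), the grant could be narrowed to `owner @{HOME}/@{XDG_SSH_DIR}/known_hosts* rwl -> @{HOME}/@{XDG_SSH_DIR}/known_hosts*,` with a plain `owner @{HOME}/@{XDG_SSH_DIR}/* rw,` kept for the other files. At minimum, a comment above the rule naming the operation that triggers the link would let a later reader judge whether the breadth is still required. The profile body continues outside the hunk.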
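Review bot: In the sshd hunk, `authorized_keys*` now matches every name with that prefix (`authorized_keys2`, but also names such as `authorized_keys_backup` or `authorized_keys~`), and the rule carries no `owner` qualifier, so it applies to every user's SSH directory. If the aim is to cover `authorized_keys2`, `@{HOME}/@{XDG_SSH_DIR}/authorized_keys{,2,.*} r,` says so without the open-ended suffix. The access is read-only, so this is about keeping the rule as narrow as the set of files sshd is actually configured to read. The profile body continues outside the hunk.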
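Review bot: In the sshfs hunk, dropping `addr=none` from the `unix` rule widens the peer match from unnamed sockets to any socket address held by a process labelled `sshfs//fusermount`, and the reason is not recorded. The peer label still bounds the rule and the profile is in `flags=(complain)`, so nothing is enforced today, but the wider match will carry over when the profile is switched to enforce mode. A comment above the rule stating why the address condition had to go (for example, if the peer address is not reported as `none` on some kernels, which is a guess) would make that later review easier. The profile body continues outside the hunk.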