diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh
index 476bd3f26..5dce3ec80 100644
--- a/apparmor.d/groups/ssh/ssh
+++ b/apparmor.d/groups/ssh/ssh
@@ -25,7 +25,7 @@ profile ssh @{exec_path} {
 @{bin}/@{shells} rUx,
- @{lib}/ssh/ssh-sk-helper rix -> ssh-sk-helper,
+ @{lib}/ssh/ssh-sk-helper rPx -> ssh-sk-helper,
 @{etc_ro}/ssh/ssh_config r,
 @{etc_ro}/ssh/ssh_config.d/{,*} r,
diff --git a/apparmor.d/groups/ssh/ssh-sk-helper b/apparmor.d/groups/ssh/ssh-sk-helper
index 2013371b3..defa9ac1b 100644
--- a/apparmor.d/groups/ssh/ssh-sk-helper
+++ b/apparmor.d/groups/ssh/ssh-sk-helper
@@ -4,20 +4,17 @@
 include
+@{exec_path} = @{lib}/ssh/ssh-sk-helper
 profile ssh-sk-helper flags=(complain) {
+ include
- @{lib}/ssh/ssh-sk-helper r,
-
- /etc/ssl/openssl.cnf r,
+ @{exec_path} mr,
 @{sys}/ r,
 @{sys}/bus/ r,
 @{sys}/class/ r,
 @{sys}/class/hidraw/ r,
 @{sys}/class/hidraw/hidraw@{int} r,
- @{sys}/devices/ r,
- @{sys}/devices/@{pci_bus}/ r,
- @{sys}/devices/@{pci_bus}/{,**} r,
 /dev/hidraw@{int} rwk,
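Review bot: In apparmor.d/groups/ssh/ssh, the new `rPx -> ssh-sk-helper` rule moves the helper out of the ssh profile's confinement and into a profile that the second file of this commit still declares with `flags=(complain)`, so the helper's accesses are logged rather than blocked. The `profile ssh @{exec_path} {` header shown in the hunk carries no complain flag, so unless modes are overridden at build time this enforces less on the helper than the old `rix` rule did. Consider a comment above the rule such as `# ssh-sk-helper runs in its own profile, complain mode for now; enforce once its rules are validated`, or drop `flags=(complain)` from the target in the same change. The ssh profile body starts and ends outside this hunk.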
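Review bot: In apparmor.d/groups/ssh/ssh-sk-helper, the removed `/etc/ssl/openssl.cnf r,` and `@{sys}/devices/@{pci_bus}/{,**} r,` rules have no visible replacement other than the added `include` line, whose target is not readable in this rendering. If that include does not cover them, the gap stays hidden while the profile is `flags=(complain)`, because those accesses are only logged; it would presumably surface as failed security-key detection once the profile is enforced. After confirming against the audit log with a key attached, a comment naming the source of those reads would help, e.g. `# sysfs device lookups and the openssl config are provided by the include above`. The profile's closing brace lies outside the hunk.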