diff --git a/inventory/group_vars/pkgs_stg b/inventory/group_vars/pkgs_stg
index 752a8cfff8..91fc2026ee 100644
--- a/inventory/group_vars/pkgs_stg
+++ b/inventory/group_vars/pkgs_stg
@@ -11,6 +11,9 @@ wsgi_threads: 4
 
 pagure_static_uid: 600
 
+# Configures ssh for git@ user
+sshd_keyhelper: true
+
 # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's.
 # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg.
 fedmsg_active: True
diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 3e52530532..cc3485a118 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -51,9 +51,10 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 AcceptEnv XMODIFIERS
 
 {% if sshd_keyhelper %}
-# For repospanner/git
-AuthorizedKeysCommandUser git
-AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
+# For git
+Match User git
+   AuthorizedKeysCommandUser git
+   AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
 {% elif env == 'staging' and not sshd_keyhelper %}
 AuthorizedKeysCommandUser nobody
 AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys