diff --git a/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl b/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
index 89f8df3..71a2ffd 100644
--- a/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
+++ b/infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl
@@ -5,10 +5,6 @@ users:
 - name: cluster
   shell: /bin/bash
 runcmd:
-# setup ssh over port 1022 instead of 22
-- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
-- systemctl daemon-reload
-- systemctl restart ssh.socket
 # configure correct routing via NAT
 - ip route add default via ${network_gateway}
 - NIC=$(ifconfig | grep -q enp7s0 && echo enp7s0 || echo ens10)
diff --git a/k3s/group_vars/agent/config.yml b/k3s/group_vars/agent/config.yml
index 90c7fc7..f508f29 100644
--- a/k3s/group_vars/agent/config.yml
+++ b/k3s/group_vars/agent/config.yml
@@ -1,2 +1,3 @@
 ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new -o ProxyCommand="ssh -p 1022 -W %h:%p -q root@{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
+ansible_port: 22
 k3s_version: v1.31.6+k3s1
diff --git a/k3s/group_vars/k3s_cluster/config.yml b/k3s/group_vars/k3s_cluster/config.yml
index b02a06f..db4f021 100644
--- a/k3s/group_vars/k3s_cluster/config.yml
+++ b/k3s/group_vars/k3s_cluster/config.yml
@@ -1,4 +1,3 @@
 ansible_user: root
-ansible_port: 1022
 api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
 
diff --git a/k3s/group_vars/server/config.yml b/k3s/group_vars/server/config.yml
index ce192f6..f78b458 100644
--- a/k3s/group_vars/server/config.yml
+++ b/k3s/group_vars/server/config.yml
@@ -1,2 +1,3 @@
 ansible_ssh_common_args: '-o StrictHostKeyChecking=accept-new'
+ansible_port: 1022
 k3s_version: v1.31.6+k3s1