diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 9010cc8..c974635 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -22,3 +22,4 @@
     - emacs
     - firefox
     - devfs
+    - ssh_client
diff --git a/ansible/roles/ssh_client/files/gpg_auth b/ansible/roles/ssh_client/files/gpg_auth
new file mode 100644
index 0000000..f532a75
--- /dev/null
+++ b/ansible/roles/ssh_client/files/gpg_auth
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+# Wrapper to set the SSH auth socket to GPG for services that do not
+# yet support security key ssh keys
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec env SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh" "$@"
diff --git a/ansible/roles/ssh_client/tasks/common.yaml b/ansible/roles/ssh_client/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/ssh_client/tasks/common.yaml
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
diff --git a/ansible/roles/ssh_client/tasks/freebsd.yaml b/ansible/roles/ssh_client/tasks/freebsd.yaml
new file mode 100644
index 0000000..a2928ef
--- /dev/null
+++ b/ansible/roles/ssh_client/tasks/freebsd.yaml
@@ -0,0 +1,16 @@
+- name: Install packages
+  package:
+    name:
+      - libfido2 # u2f support for ssh
+    state: present
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: gpg_auth
+      dest: /usr/local/bin/gpg_auth
diff --git a/ansible/roles/ssh_client/tasks/linux.yaml b/ansible/roles/ssh_client/tasks/linux.yaml
new file mode 100644
index 0000000..e1835f0
--- /dev/null
+++ b/ansible/roles/ssh_client/tasks/linux.yaml
@@ -0,0 +1,6 @@
+# - name: Install packages
+#   pacman:
+#     name:
+#       - foo
+#     state: present
+#     update_cache: true
diff --git a/ansible/roles/ssh_client/tasks/main.yaml b/ansible/roles/ssh_client/tasks/main.yaml
new file mode 100644
index 0000000..5c1df6c
--- /dev/null
+++ b/ansible/roles/ssh_client/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml
diff --git a/ansible/roles/ssh_client/tasks/peruser.yaml b/ansible/roles/ssh_client/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/ssh_client/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'
diff --git a/ansible/roles/ssh_client/tasks/peruser_freebsd.yaml b/ansible/roles/ssh_client/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/ssh_client/tasks/peruser_linux.yaml b/ansible/roles/ssh_client/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29