diff --git a/nixos/tests/nixos-rebuild-target-host.nix b/nixos/tests/nixos-rebuild-target-host.nix
index 4c3e894a6977..480963fa1bf1 100644
--- a/nixos/tests/nixos-rebuild-target-host.nix
+++ b/nixos/tests/nixos-rebuild-target-host.nix
@@ -57,7 +57,7 @@
 users.users.alice.extraGroups = [ "wheel" ];
 users.users.bob.extraGroups = [ "wheel" ];
- # Disable sudo for root to ensure sudo isn't called without `--use-remote-sudo`
+ # Disable sudo for root to ensure sudo isn't called without `--sudo`
 security.sudo.extraRules = lib.mkForce [ { groups = [ "wheel" ];
@@ -170,20 +170,20 @@
 # Ensure sudo is disabled for root
 target.fail("sudo true")
- # This test also ensures that sudo is not called without --use-remote-sudo
+ # This test also ensures that sudo is not called without --sudo
 with subtest("Deploy to root@target"):
 deployer.succeed("nixos-rebuild switch -I nixos-config=/root/configuration-1.nix --target-host root@target &>/dev/console")
 target_hostname = deployer.succeed("ssh alice@target cat /etc/hostname").rstrip()
 assert target_hostname == "config-1-deployed", f"{target_hostname=}"
 with subtest("Deploy to alice@target with passwordless sudo"):
- deployer.succeed("nixos-rebuild switch -I nixos-config=/root/configuration-2.nix --target-host alice@target --use-remote-sudo &>/dev/console")
+ deployer.succeed("nixos-rebuild switch -I nixos-config=/root/configuration-2.nix --target-host alice@target --sudo &>/dev/console")
 target_hostname = deployer.succeed("ssh alice@target cat /etc/hostname").rstrip()
 assert target_hostname == "config-2-deployed", f"{target_hostname=}"
 with subtest("Deploy to bob@target with password based sudo"):
 # TODO: investigate why --ask-sudo-password from nixos-rebuild-ng is not working here
- deployer.succeed(r'${lib.optionalString withNg "NIX_SSHOPTS=-t "}passh -c 3 -C -p ${nodes.target.users.users.bob.password} -P "\[sudo\] password" nixos-rebuild switch -I nixos-config=/root/configuration-3.nix --target-host bob@target --use-remote-sudo &>/dev/console')
+ deployer.succeed(r'${lib.optionalString withNg "NIX_SSHOPTS=-t "}passh -c 3 -C -p ${nodes.target.users.users.bob.password} -P "\[sudo\] password" nixos-rebuild switch -I nixos-config=/root/configuration-3.nix --target-host bob@target --sudo &>/dev/console')
 target_hostname = deployer.succeed("ssh alice@target cat /etc/hostname").rstrip()
 assert target_hostname == "config-3-deployed", f"{target_hostname=}"
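Review bot: None of the three subtests passes `--use-remote-sudo` any more, although the option parser in nixos-rebuild.sh in this same diff still accepts it as an alias (`--sudo | --use-remote-sudo)`), so a regression in the compatibility spelling would go unnoticed here. Keeping one deployment on the old flag, for example the passwordless alice@target subtest, or adding a short extra subtest for it, would cover both spellings. Whether the `withNg` variant keeps the same alias is not visible in this diff and should be confirmed before relying on a shared subtest.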
diff --git a/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild b/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild
index 31e23136528d..76be2c98a706 100644
--- a/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild
+++ b/pkgs/os-specific/linux/nixos-rebuild/_nixos-rebuild
@@ -35,7 +35,7 @@ _nixos-rebuild() {
 --profile-name -p # name
 --rollback
 --specialisation -c # name
- --use-remote-sudo
+ --use-sudo
 --no-ssh-tty
 --build-host # host
 --target-host # host
diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8 b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8
index 3e9936d30129..2932a82e84f1 100644
--- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8
+++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.8
@@ -38,7 +38,7 @@
 .br
 .Op Fl -build-host Va host
 .Op Fl -target-host Va host
-.Op Fl -use-remote-sudo
+.Op Fl -sudo
 .Op Fl -no-ssh-tty
 .br
 .Op Fl -verbose | v
@@ -404,7 +404,7 @@ or is also set. This is useful when the target-host connection to cache.nixos.org is faster than the connection between hosts.
 .
-.It Fl -use-remote-sudo
+.It Fl -sudo
 When set, nixos-rebuild prefixes activation commands that run on the
 .Fl -target-host
 system with
diff --git a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
index 6c22a46bdcef..7b1e99a2f819 100755
--- a/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
+++ b/pkgs/os-specific/linux/nixos-rebuild/nixos-rebuild.sh
@@ -32,8 +32,7 @@ specialisation=
 imageVariant=
 buildHost=
 targetHost=
-remoteSudo=
-localSudo=
+useSudo=
 noSSHTTY=
 verboseScript=
 noFlake=
@@ -171,11 +170,8 @@ while [ "$#" -gt 0 ]; do
 targetHost="$1"
 shift 1
 ;;
- --use-remote-sudo)
- remoteSudo=1
- ;;
- --use-local-sudo)
- localSudo=1
+ --sudo | --use-remote-sudo)
+ useSudo=1
 ;;
 --no-ssh-tty)
 noSSHTTY=1
@@ -241,7 +237,7 @@ buildHostCmd() {
 targetHostCmd() {
 local c
- if [[ "${useSudo:-x}" = 1 ]]; then
+ if [[ "${withSudo:-x}" = 1 ]]; then
 c=("sudo")
 else
 c=()
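Review bot: The completion list in `_nixos-rebuild` now offers `--use-sudo`, but the option parser changed in nixos-rebuild.sh in this same diff matches only `--sudo | --use-remote-sudo)`, and the man page documents `--sudo`. As written, tab completion would suggest a flag the script does not appear to accept, while the real one is not offered; the entry should read `--sudo`. The body of `_nixos-rebuild()` continues outside the hunk, so any other handling of this word list is not visible here.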
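Review bot: In the nixos-rebuild.sh option-parsing hunk (`@@ -171,11 +170,8 @@`), the `--use-local-sudo)` case is removed with no replacement, while `--use-remote-sudo` survives as an alias of `--sudo`. Unless `--use-local-sudo` is handled outside this hunk, existing invocations that pass it will fall through to whatever the `case` does for unrecognised options. Both old variables fed the same check in targetHostSudoCmd, so the pattern could probably be `--sudo | --use-remote-sudo | --use-local-sudo)`, provided `localSudo` had no other use elsewhere in the script. The deprecated spelling is also accepted silently; a one-line warning on stderr naming `--sudo` would let users migrate before the alias is dropped. The `while`/`case` loop starts and ends outside the hunk.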
@@ -260,8 +256,8 @@ targetHostSudoCmd() {
 t="-t"
 fi
- if [[ -n "$remoteSudo" || -n "$localSudo" ]]; then
- useSudo=1 SSHOPTS="$SSHOPTS $t" targetHostCmd "$@"
+ if [[ -n "$useSudo" ]]; then
+ withSudo=1 SSHOPTS="$SSHOPTS $t" targetHostCmd "$@"
 else
 # While a tty might not be necessary, we apply it to be consistent with
 # sudo usage, and an experience that is more consistent with local deployment.