diff --git a/m/apex/configuration.nix b/m/apex/configuration.nix
index 17828a3..82d3842 100644
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -56,17 +56,6 @@
 };
 };
- # Use SSH tunnel to reach internal hosts
- programs.ssh.extraConfig = ''
- Host bscpm04.bsc.es gitlab-internal.bsc.es knights3.bsc.es
- ProxyCommand nc -X connect -x localhost:23080 %h %p
- Host raccoon
- HostName knights3.bsc.es
- ProxyCommand nc -X connect -x localhost:23080 %h %p
- Host tent
- ProxyJump raccoon
- '';
-
 networking.firewall = {
 extraCommands = ''
 # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
diff --git a/m/common/base/net.nix b/m/common/base/net.nix
index 88c8c00..9fe6c4d 100644
--- a/m/common/base/net.nix
+++ b/m/common/base/net.nix
@@ -16,6 +16,8 @@
 hosts = {
 "84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
 "84.88.51.142" = [ "raccoon-ipmi" ];
+ "192.168.11.12" = [ "bscpm04.bsc.es" ];
+ "192.168.11.15" = [ "gitlab-internal.bsc.es" ];
 };
 };
 }
diff --git a/m/common/ssf.nix b/m/common/ssf.nix
index 98a98e5..ef74da3 100644
--- a/m/common/ssf.nix
+++ b/m/common/ssf.nix
@@ -6,6 +6,5 @@
 ./ssf/hosts.nix
 ./ssf/hosts-remote.nix
 ./ssf/net.nix
- ./ssf/ssh.nix
 ];
 }
diff --git a/m/common/ssf/ssh.nix b/m/common/ssf/ssh.nix
deleted file mode 100644
index b73abd7..0000000
--- a/m/common/ssf/ssh.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- # Use SSH tunnel to apex to reach internal hosts
- programs.ssh.extraConfig = ''
- Host tent
- ProxyJump raccoon
-
- # Access raccoon via the HTTP proxy
- Host raccoon knights3.bsc.es
- HostName knights3.bsc.es
- ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
-
- # Make sure we can reach gitlab even if we don't have SSH access to raccoon
- Host bscpm04.bsc.es gitlab-internal.bsc.es
- ProxyCommand=ssh apex 'nc -X connect -x localhost:23080 %h %p'
- '';
-}
diff --git a/m/fox/configuration.nix b/m/fox/configuration.nix
index 3f6742b..e890ba5 100644
--- a/m/fox/configuration.nix
+++ b/m/fox/configuration.nix
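Review bot: The two entries added to `hosts` in m/common/base/net.nix pin bscpm04.bsc.es and gitlab-internal.bsc.es to RFC 1918 addresses without a comment saying which network they belong to, and since the file sits under common/base, presumably every machine importing the base profile receives them. On a machine with no route to that internal network, 192.168.11.12 and 192.168.11.15 would be answered by whatever holds those addresses on the local segment, so the endpoint is authenticated only by SSH host-key or TLS certificate verification. It is worth confirming that the host keys are pinned (for example with `programs.ssh.knownHosts`) rather than trusted on first use. I would add a comment above the entries such as `# Internal BSC hosts, reachable only over <internal network>; replaces the former ProxyCommand tunnel`. The enclosing attribute set opens outside the hunk.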
@@ -45,16 +45,6 @@
 services.fail2ban.enable = true;
- # Use SSH tunnel to reach internal hosts
- programs.ssh.extraConfig = ''
- Host bscpm04.bsc.es gitlab-internal.bsc.es tent
- ProxyJump raccoon
- Host raccoon
- ProxyJump apex
- HostName 127.0.0.1
- Port 22022
- '';
-
 networking = {
 timeServers = [ "ntp1.upc.edu" "ntp2.upc.edu" ];
 hostName = "fox";
diff --git a/m/module/ssh-hut-extern.nix b/m/module/ssh-hut-extern.nix
deleted file mode 100644
index cc6b26a..0000000
--- a/m/module/ssh-hut-extern.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- programs.ssh.extraConfig = ''
- Host apex ssfhead
- HostName ssflogin.bsc.es
- Host hut
- ProxyJump apex
- '';
-}
diff --git a/m/raccoon/configuration.nix b/m/raccoon/configuration.nix
index 7a608e2..b68b519 100644
--- a/m/raccoon/configuration.nix
+++ b/m/raccoon/configuration.nix
@@ -3,9 +3,9 @@
 {
 imports = [
 ../common/base.nix
+ ../common/ssf/hosts.nix
 ../module/emulation.nix
 ../module/debuginfod.nix
- ../module/ssh-hut-extern.nix
 ../module/nvidia.nix
 ../eudy/kernel/perf.nix
 ./wireguard.nix
diff --git a/m/tent/configuration.nix b/m/tent/configuration.nix
index 9d56ba7..79c9f45 100644
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@@ -3,9 +3,9 @@
 {
 imports = [
 ../common/xeon.nix
+ ../common/ssf/hosts.nix
 ../module/emulation.nix
 ../module/debuginfod.nix
- ../module/ssh-hut-extern.nix
 ./monitoring.nix
 ./nginx.nix
 ./nix-serve.nix
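Review bot: Host-key continuity is not addressed where m/raccoon/configuration.nix swaps `../module/ssh-hut-extern.nix` for `../common/ssf/hosts.nix` in `imports`. The removed module reached apex and ssfhead through `HostName ssflogin.bsc.es`, so existing known_hosts entries are presumably recorded under that name, and connecting by whatever name or address hosts.nix supplies (not shown in this diff) will likely produce first-use key prompts. Publishing the expected keys declaratively, for example with `programs.ssh.knownHosts`, would keep users from having to accept an unverified key after this change. It is also worth confirming that hosts.nix defines apex, ssfhead and hut for these machines, since the `ProxyJump apex` route to hut is dropped as well. The same applies to the identical import change in m/tent/configuration.nix.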