diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix
index 3301bbb..36c44b0 100644
--- a/home/modules/ssh.nix
+++ b/home/modules/ssh.nix
@@ -7,7 +7,7 @@
 }:
 let
   inherit (lib) types;
-  controlDir = "~/.ssh/controlmasters";
+  controlSocket = "~/.ssh/controlmasters/%C.sock";
 
   proxyTagType = types.submodule (
     { name, ... }:
@@ -84,7 +84,7 @@ in
           hashKnownHosts = false;
           userKnownHostsFile = "~/.ssh/known_hosts";
           controlMaster = "no";
-          controlPath = "${controlDir}/%r@%n:%p";
+          controlPath = controlSocket;
           controlPersist = "no";
         };
       }
@@ -93,10 +93,11 @@ in
         tag: tagDef:
         let
           dependency = if tagDef.after != null then lib.hm.dag.entryAfter tagDef.after else lib.id;
+          escapeOpensshConfig = builtins.replaceStrings ["%"] ["%%"];
         in
         lib.nameValuePair "tagged-${tag}" {
           match = ''tagged="${tag}"'';
-          proxyCommand = "${lib.getExe pkgs.fc-scripts.ssh-multi-proxy} -v -p connect --control-path='${controlDir}'${lib.optionalString tagDef.noDirect " -n"} -i ${lib.concatStringsSep "," tagDef.connectType}${
+          proxyCommand = "${lib.getExe pkgs.fc-scripts.ssh-multi-proxy} -v -S ${config.programs.ssh.package}/bin/ssh -p connect${lib.optionalString tagDef.noDirect " -n"} --control-path='${escapeOpensshConfig controlSocket}' -i ${lib.concatStringsSep "," tagDef.connectType}${
             lib.optionalString (tagDef.jumpHost != null) " -j ${tagDef.jumpHost}"
           } %h %p";
           extraOptions = {