diff --git a/configs/client.nix b/configs/client.nix index 9e20d55..817daa5 100644 --- a/configs/client.nix +++ b/configs/client.nix @@ -1,9 +1,4 @@ -{ - lib, - pkgs, - config, - ... -}: +{ lib, pkgs, ... }: { imports = [ ./common.nix @@ -22,8 +17,7 @@ nixd ]; - # disable ssh-askpass on wsl namely, to simply have a normal prompt that reads from stdin - variables.SSH_ASKPASS_REQUIRE = if config.programs.ssh.enableAskPassword then "prefer" else "never"; + variables.SSH_ASKPASS_REQUIRE = "prefer"; }; networking = { @@ -37,7 +31,11 @@ programs = { nix-ld.enable = true; - ssh.startAgent = true; + ssh = { + startAgent = true; + enableAskPassword = true; + askPassword = lib.mkOverride 1200 "${pkgs.curses-ssh-askpass}"; # see exprs/curses-ssh-askpass.nix + }; }; virtualisation.docker.enable = true; diff --git a/configs/desktop.nix b/configs/desktop.nix index f87a1f3..416ef2d 100644 --- a/configs/desktop.nix +++ b/configs/desktop.nix @@ -112,7 +112,6 @@ programs = { firefox.enable = true; virt-manager.enable = true; - ssh.enableAskPassword = true; }; security.pam.services.login.enableGnomeKeyring = true; diff --git a/exprs/curses-ssh-askpass.nix b/exprs/curses-ssh-askpass.nix new file mode 100644 index 0000000..653500b --- /dev/null +++ b/exprs/curses-ssh-askpass.nix @@ -0,0 +1,15 @@ +{ + lib, + pinentry-curses, + writeShellScript, +}: +writeShellScript "curses-ssh-askpass" '' + if [ -z ''${1+x} ]; then + prompt="GETPIN" + else + prompt="SETDESC $1\nGETPIN" + fi + + pin=$(echo -e "$prompt" | ${lib.getExe pinentry-curses} -T /dev/pts/0 | grep D | tr -d '\n') + echo "''${pin:2}" +'' diff --git a/exprs/overlay.nix b/exprs/overlay.nix index 566bb41..9a7430d 100644 --- a/exprs/overlay.nix +++ b/exprs/overlay.nix 
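Review bot: In configs/client.nix, `variables.SSH_ASKPASS_REQUIRE = "prefer";` lost both its condition and the comment that explained it, so nothing on the line says why askpass is preferred over the terminal. With `prefer`, ssh hands its prompts to the configured askpass program even when a terminal is available. That puts exprs/curses-ssh-askpass.nix on the credential path of every client that does not override `programs.ssh.askPassword`. I would add a comment such as `# ssh prompts go through programs.ssh.askPassword (set below) instead of the tty`.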
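Review bot: In the new `programs.ssh` block of configs/client.nix, the trailing comment names the script file but not why `lib.mkOverride 1200` is used. Priority 1200 is weaker than `lib.mkDefault` (1000), so any module that sets `programs.ssh.askPassword` at default priority silently replaces the curses script. Whether a desktop module does that is not visible in this diff. Suggested comment: `# weaker than mkDefault on purpose: a graphical askpass set by a desktop module wins`.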
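Review bot: In exprs/curses-ssh-askpass.nix the prompt text `$1` is spliced into the Assuan command stream with `echo -e`, so backslash escapes or line breaks in a prompt become extra pinentry commands, and ssh prompts can carry text received from the remote side. The dialog is also pinned to `-T /dev/pts/0`, which is whichever session owns that pty rather than the terminal that ran ssh, and `grep D` accepts any line containing a D instead of only the `D ` data line. A cancelled dialog prints an empty line and exits 0, which the caller cannot tell apart from an empty answer. The sketch below uses printf, keeps the description on one line, anchors the match and exits non-zero when no data line comes back. `/dev/tty` assumes askpass is started with a controlling terminal, and Assuan percent-escaping (`%25`) of the description and of the returned data is still left out.

```nix
writeShellScript "curses-ssh-askpass" ''
  # Assuan is line-based: flatten the prompt to one line and never run it through `echo -e`.
  desc=$(printf '%s' "''${1-}" | tr '\r\n' '  ')

  reply=$(
    {
      [ -n "$desc" ] && printf 'SETDESC %s\n' "$desc"
      printf 'GETPIN\n'
    } | ${lib.getExe pinentry-curses} -T /dev/tty
  ) || exit 1

  # Only a line starting with "D " carries the secret; none means cancel or error.
  pin=$(printf '%s\n' "$reply" | sed -n 's/^D //p')
  [ -n "$pin" ] || exit 1
  printf '%s\n' "$pin"
''
```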
@@ -1,5 +1,6 @@ inputs: final: prev: { idea-ultimate-fixed = prev.callPackage ./idea-fixed.nix { }; + curses-ssh-askpass = prev.callPackage ./curses-ssh-askpass.nix { }; vencord = prev.vencord.overrideAttrs (old: rec { version = "${old.version}+git.${inputs.vencord.shortRev}"; diff --git a/systems/fuji-wsl/default.nix b/systems/fuji-wsl/default.nix index f2caa0c..cadef2d 100644 --- a/systems/fuji-wsl/default.nix +++ b/systems/fuji-wsl/default.nix @@ -12,6 +12,12 @@ environment.sessionVariables.LD_LIBRARY_PATH = [ "/run/opengl-driver/lib" ]; + hm.programs.fish.interactiveShellInit = lib.mkAfter '' + if test -f ~/.ssh/id_ed25519 + ssh-add -l | grep -q (ssh-keygen -lf ~/.ssh/id_ed25519) || ssh-add ~/.ssh/id_ed25519 + end + ''; + wsl = { enable = true; defaultUser = "leo";
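Review bot: In the `interactiveShellInit` snippet of systems/fuji-wsl/default.nix, the whole `ssh-keygen -lf` line (bit size, fingerprint, comment, key type) is passed to `grep` as a regular expression. The check therefore only passes if the agent reports the same comment as the key file and the comment contains no regex metacharacters; a mismatch means a passphrase prompt on every new interactive shell. Comparing only the fingerprint as a fixed string is sturdier: `ssh-add -l | grep -qF (ssh-keygen -lf ~/.ssh/id_ed25519 | awk '{print $2}') || ssh-add ~/.ssh/id_ed25519`. `ssh-add -l` also fails when no agent is reachable, in which case the `||` branch still runs `ssh-add`. The module's argument list is outside the hunk, so whether `lib` is in scope for `lib.mkAfter` cannot be confirmed from here.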