diff --git a/ansible.cfg b/ansible/ansible.cfg
similarity index 70%
rename from ansible.cfg
rename to ansible/ansible.cfg
index b262fb2..90a4b83 100644
--- a/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,5 +1,5 @@
 [defaults]
-inventory = ansible/inventory.yml
+inventory = inventory.yml
 nocows = 1
 pattern =
 deprecation_warnings = False
@@ -11,5 +11,5 @@ remote_user = root
 [ssh_connection]
 control_path = ~/.ssh/cm-%%r@%%h:%%p
-ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ansible/ssh_config
+ssh_args = -o ControlMaster=auto -o ControlPersist=8h -F ssh_config
 pipelining = True
diff --git a/known_hosts b/ansible/known_hosts
similarity index 94%
rename from known_hosts
rename to ansible/known_hosts
index 8ab08ee..8aa3931 100644
--- a/known_hosts
+++ b/ansible/known_hosts
@@ -1,4 +1,4 @@
-# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
+# Use `ansible-playbook update-ssh-config.yml` to update this file
 100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
 100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
 100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
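Review bot: `-F ssh_config` in `ssh_args` on the second hunk is handed to ssh verbatim, so it is resolved against the current working directory, while `inventory = inventory.yml` on the first hunk is a path-typed setting that Ansible resolves relative to the config file; after the move into `ansible/` the ssh config is found only when ansible-playbook is run from that directory. The generated ssh_config's `GlobalKnownHostsFile known_hosts` is cwd-relative in the same way, so a run from the repository root silently loses the pinned host keys rather than failing loudly. A header comment would make the constraint explicit, e.g. `; run ansible-playbook from this directory: -F ssh_config and the known_hosts path it references are cwd-relative`.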
@@ -10,6 +10,7 @@
 172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
 172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
 172.20.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77ffkJi903aA6cM7HnFfSyYbPP4jkydI/+/tIGeMv+c9BYOE27n+ylNERaEhYkyddIx93MB4M6GYRyQOjLWSc= # ns1.k-space.ee
+[78.28.64.17]:10648 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7J61p3YzsbRAYtXIrhQUeqc47LuVw1I38egHzi/kLG+CFPsyB9krd29yJMyLRjyM+m5qUjoxNiWK/x0g3jKOI= # offsite
 172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
 172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
 172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
diff --git a/ansible/ssh_config b/ansible/ssh_config
index b083e5e..a7e5b2a 100644
--- a/ansible/ssh_config
+++ b/ansible/ssh_config
@@ -1,9 +1,10 @@
-# Use `ansible-playbook ansible/update-ssh-config.yml` to update this file
+# Use `ansible-playbook update-ssh-config.yml` to update this file
 # Use `ssh -F ssh_config ...` to connect to target machine or
 # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config
 Host backdoor 100.102.3.3
 User root
 Hostname 100.102.3.3
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -11,6 +12,7 @@ Host backdoor 100.102.3.3
 Host frontdoor 100.102.3.2
 User root
 Hostname 100.102.3.2
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -18,6 +20,7 @@ Host frontdoor 100.102.3.2
 Host grounddoor 100.102.3.1
 User root
 Hostname 100.102.3.1
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -25,6 +28,7 @@ Host grounddoor 100.102.3.1
 Host master1.kube.k-space.ee 172.21.3.51
 User root
 Hostname 172.21.3.51
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -32,6 +36,7 @@ Host master1.kube.k-space.ee 172.21.3.51
 Host master2.kube.k-space.ee 172.21.3.52
 User root
 Hostname 172.21.3.52
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -39,6 +44,7 @@ Host master2.kube.k-space.ee 172.21.3.52
 Host master3.kube.k-space.ee 172.21.3.53
 User root
 Hostname 172.21.3.53
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -46,6 +52,7 @@ Host master3.kube.k-space.ee 172.21.3.53
 Host mon1.kube.k-space.ee 172.21.3.61
 User root
 Hostname 172.21.3.61
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -53,6 +60,7 @@ Host mon1.kube.k-space.ee 172.21.3.61
 Host mon2.kube.k-space.ee 172.21.3.62
 User root
 Hostname 172.21.3.62
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -60,6 +68,7 @@ Host mon2.kube.k-space.ee 172.21.3.62
 Host mon3.kube.k-space.ee 172.21.3.63
 User root
 Hostname 172.21.3.63
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -67,6 +76,7 @@ Host mon3.kube.k-space.ee 172.21.3.63
 Host nas.k-space.ee 172.23.0.7
 User root
 Hostname 172.23.0.7
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -74,6 +84,15 @@ Host nas.k-space.ee 172.23.0.7
 Host ns1.k-space.ee 172.20.0.2
 User root
 Hostname 172.20.0.2
+ Port 22
+ GlobalKnownHostsFile known_hosts
+ UserKnownHostsFile /dev/null
+ ControlMaster auto
+ ControlPersist 8h
+Host offsite 78.28.64.17
+ User root
+ Hostname 78.28.64.17
+ Port 10648
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -81,6 +100,7 @@ Host ns1.k-space.ee 172.20.0.2
 Host pve1 172.21.20.1
 User root
 Hostname 172.21.20.1
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -88,6 +108,7 @@ Host pve1 172.21.20.1
 Host pve2 172.21.20.2
 User root
 Hostname 172.21.20.2
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -95,6 +116,7 @@ Host pve2 172.21.20.2
 Host pve8 172.21.20.8
 User root
 Hostname 172.21.20.8
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -102,6 +124,7 @@ Host pve8 172.21.20.8
 Host pve9 172.21.20.9
 User root
 Hostname 172.21.20.9
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -109,6 +132,7 @@ Host pve9 172.21.20.9
 Host storage1.kube.k-space.ee 172.21.3.71
 User root
 Hostname 172.21.3.71
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -116,6 +140,7 @@ Host storage1.kube.k-space.ee 172.21.3.71
 Host storage2.kube.k-space.ee 172.21.3.72
 User root
 Hostname 172.21.3.72
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -123,6 +148,7 @@ Host storage2.kube.k-space.ee 172.21.3.72
 Host storage3.kube.k-space.ee 172.21.3.73
 User root
 Hostname 172.21.3.73
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -130,6 +156,7 @@ Host storage3.kube.k-space.ee 172.21.3.73
 Host storage4.kube.k-space.ee 172.21.3.74
 User root
 Hostname 172.21.3.74
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -137,6 +164,7 @@ Host storage4.kube.k-space.ee 172.21.3.74
 Host worker1.kube.k-space.ee 172.20.3.81
 User root
 Hostname 172.20.3.81
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -144,6 +172,7 @@ Host worker1.kube.k-space.ee 172.20.3.81
 Host worker2.kube.k-space.ee 172.20.3.82
 User root
 Hostname 172.20.3.82
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -151,6 +180,7 @@ Host worker2.kube.k-space.ee 172.20.3.82
 Host worker3.kube.k-space.ee 172.20.3.83
 User root
 Hostname 172.20.3.83
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -158,6 +188,7 @@ Host worker3.kube.k-space.ee 172.20.3.83
 Host worker4.kube.k-space.ee 172.20.3.84
 User root
 Hostname 172.20.3.84
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -165,6 +196,7 @@ Host worker4.kube.k-space.ee 172.20.3.84
 Host worker9.kube.k-space.ee 172.20.3.89
 User root
 Hostname 172.20.3.89
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
@@ -172,6 +204,7 @@ Host worker9.kube.k-space.ee 172.20.3.89
 Host workshopdoor 100.102.3.4
 User root
 Hostname 100.102.3.4
+ Port 22
 GlobalKnownHostsFile known_hosts
 UserKnownHostsFile /dev/null
 ControlMaster auto
diff --git a/ansible/update-ssh-config.yaml b/ansible/update-ssh-config.yaml
index cedb02c..5e1097c 100644
--- a/ansible/update-ssh-config.yaml
+++ b/ansible/update-ssh-config.yaml
@@ -5,31 +5,33 @@ vars: targets: "{{ hostvars[groups['all']] }}" tasks: - - name: Generate known_hosts - ansible.builtin.copy: - dest: known_hosts - content: | - # Use `ansible-playbook ansible/update-ssh-config.yml` to update this file - {% for host in groups['all'] | sort %} - {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % ( - hostvars[host].get('ansible_host', host))) }} # {{ host }} - {% endfor %} - name: Generate ssh_config ansible.builtin.copy: dest: ssh_config content: | - # Use `ansible-playbook ansible/update-ssh-config.yml` to update this file + # Use `ansible-playbook update-ssh-config.yml` to update this file # Use `ssh -F ssh_config ...` to connect to target machine or # Add `Include ~/path/to/this/kube/ssh_config` in your ~/.ssh/config {% for host in groups['all'] | sort %} Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }} User root Hostname {{ hostvars[host].get('ansible_host', host) }} + Port {{ hostvars[host].get('ansible_port', 22) }} GlobalKnownHostsFile known_hosts UserKnownHostsFile /dev/null ControlMaster auto ControlPersist 8h {% endfor %} + - name: Generate known_hosts + ansible.builtin.copy: + dest: known_hosts + content: | + # Use `ansible-playbook update-ssh-config.yml` to update this file + {% for host in groups['all'] | sort %} + {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % ( + hostvars[host].get('ansible_port', 22), + hostvars[host].get('ansible_host', host))) }} # {{ host }} + {% endfor %} - name: Pull authorized keys from Gitea hosts: localhost 
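Review bot: The relocated "Generate known_hosts" task at the end of the hunk pins whatever key `ssh-keyscan` receives at run time, so a host whose key has changed — legitimately or not — is accepted and written into the committed file with no out-of-band check, and because the generated ssh_config sets `UserKnownHostsFile /dev/null` that file is the only trust anchor every later connection has. A comment above the task should say so, e.g. `# ssh-keyscan trusts whatever key the host presents: diff the regenerated known_hosts and confirm any changed or new key out of band before committing`. The `%d` directive for `ansible_port` would raise at render time if an inventory or host_vars file sets the port as a quoted string; `'ssh-keyscan -p %s -t ecdsa %s' % (` accepts both forms. The rewritten header comments name `update-ssh-config.yml` while the playbook in this diff is `update-ssh-config.yaml`; the same string is emitted into the generated known_hosts and ssh_config sections above and into the authorized_keys template in the following hunk.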
@@ -60,7 +62,7 @@ group: root mode: '0644' content: | - # Use `ansible-playbook ansible/update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file + # Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/kube/ to update this file {% for user in admins + extra_admins | unique | sort %} {% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %} {% if line.startswith("sk-") %}