diff --git a/pkg/model/alimodel/policy_builder.go b/pkg/model/alimodel/policy_builder.go
index a7ab087224..817d17c9db 100644
--- a/pkg/model/alimodel/policy_builder.go
+++ b/pkg/model/alimodel/policy_builder.go
@@ -280,7 +280,6 @@ func (b *PolicyBuilder) AddOSSPermissions(p *Policy) (*Policy, error) {
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/config"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/instancegroup/*"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/pki/private/kube-proxy/*"}, ""),
-					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/pki/ssh/*"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/secrets/dockerconfig"}, ""),
 				}
 
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 0d2e4fe432..62789e9739 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -633,7 +633,6 @@ func ReadableStatePaths(cluster *kops.Cluster, role Subject) ([]string, error) {
 			"/addons/*",
 			"/cluster-completed.spec",
 			"/igconfig/node/*",
-			"/pki/ssh/*",
 			"/secrets/dockerconfig",
 		)