diff --git a/pki/templates.go b/pki/templates.go
index 8f8b26b2..54c1f168 100644
--- a/pki/templates.go
+++ b/pki/templates.go
@@ -35,8 +35,11 @@ var SSHTemplateData = map[string]string{
 	// and references the step known_hosts file
 	"config.tpl": `Match exec "step ssh check-host %h"
 	ForwardAgent yes
+	{{- if .User.User }}
+	User {{.User.User}}
+	{{- end }}
 	UserKnownHostsFile {{.User.StepPath}}/ssh/known_hosts
-	ProxyCommand step ssh proxycommand %r %h %p`,
+	ProxyCommand step ssh proxycommand {{- if .User.RegistryUsername}} --username {{.User.RegistryUsername}}{{end}}{{- if .User.RegistryPassword}} --password {{.User.RegistryPassword}}{{end}} %r %h %p`,
 
 	// known_hosts.tpl authorizes the ssh hosts key
 	"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}