diff --git a/tests/nixos/fetch-git/default.nix b/tests/nixos/fetch-git/default.nix
index abeefb0e3026..254fecaaffc9 100644
--- a/tests/nixos/fetch-git/default.nix
+++ b/tests/nixos/fetch-git/default.nix
@@ -8,53 +8,25 @@
 
   /*
   Test cases
+
+  Test cases are automatically imported from ./test-cases/{name}
+
   The following is set up automatically for each test case:
     - a repo with the {name} is created on the gitea server
     - a repo with the {name} is created on the client
     - the client repo is configured to push to the server repo
+
   Python variables:
     - repo.path: the path to the directory of the client repo
     - repo.git: the git command with the client repo as the working directory
     - repo.remote: the url to the server repo
   */
-  testCases = [
-    {
-      name = "simple-http";
-      description = "can fetch a git repo via http";
-      script = ''
-        # add a file to the repo
-        client.succeed(f"""
-          echo chiang-mai > {repo.path}/thailand \
-          && {repo.git} add thailand \
-          && {repo.git} commit -m 'commit1'
-        """)
-
-        # memoize the revision
-        rev1 = client.succeed(f"""
-          {repo.git} rev-parse HEAD
-        """).strip()
-
-        # push to the server
-        client.succeed(f"""
-          {repo.git} push origin main
-        """)
-
-        # fetch the repo via nix
-        fetched1 = client.succeed(f"""
-          nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).outPath"
-        """)
-
-        # check if the committed file is there
-        client.succeed(f"""
-          test -f {fetched1}/thailand
-        """)
-
-        # check if the revision is the same
-        rev1_fetched = client.succeed(f"""
-          nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).rev"
-        """).strip()
-        assert rev1 == rev1_fetched
-      '';
-    }
-  ];
+  testCases =
+    map
+    (testCaseName: {...}: {
+      imports = ["${./test-cases}/${testCaseName}"];
+      # ensures tests are named like their directories they are defined in
+      name = testCaseName;
+    })
+    (lib.attrNames (builtins.readDir ./test-cases));
 }
diff --git a/tests/nixos/fetch-git/test-cases/simple-http/default.nix b/tests/nixos/fetch-git/test-cases/simple-http/default.nix
new file mode 100644
index 000000000000..8f6abda573d5
--- /dev/null
+++ b/tests/nixos/fetch-git/test-cases/simple-http/default.nix
@@ -0,0 +1,37 @@
+{
+  description = "can fetch a git repo via ssh";
+  script = ''
+    # add a file to the repo
+    client.succeed(f"""
+      echo chiang-mai > {repo.path}/thailand \
+      && {repo.git} add thailand \
+      && {repo.git} commit -m 'commit1'
+    """)
+
+    # memoize the revision
+    rev1 = client.succeed(f"""
+      {repo.git} rev-parse HEAD
+    """).strip()
+
+    # push to the server
+    client.succeed(f"""
+      {repo.git} push origin main
+    """)
+
+    # fetch the repo via nix
+    fetched1 = client.succeed(f"""
+      nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).outPath"
+    """)
+
+    # check if the committed file is there
+    client.succeed(f"""
+      test -f {fetched1}/thailand
+    """)
+
+    # check if the revision is the same
+    rev1_fetched = client.succeed(f"""
+      nix eval --impure --raw --expr "(builtins.fetchGit {repo.remote}).rev"
+    """).strip()
+    assert rev1 == rev1_fetched
+  '';
+}
diff --git a/tests/nixos/fetch-git/test-cases/simple-ssh/default.nix b/tests/nixos/fetch-git/test-cases/simple-ssh/default.nix
new file mode 100644
index 000000000000..66f6cef248a9
--- /dev/null
+++ b/tests/nixos/fetch-git/test-cases/simple-ssh/default.nix
@@ -0,0 +1,47 @@
+{
+  description = "can fetch a git repo via http";
+  script = ''
+    # add a file to the repo
+    client.succeed(f"""
+      echo chiang-mai > {repo.path}/thailand \
+      && {repo.git} add thailand \
+      && {repo.git} commit -m 'commit1'
+    """)
+
+    # memoize the revision
+    rev1 = client.succeed(f"""
+      {repo.git} rev-parse HEAD
+    """).strip()
+
+    # push to the server
+    client.succeed(f"""
+      ssh root@gitea "git init --bare -b main simple-ssh" \
+      && {repo.git} remote set-url origin root@gitea:simple-ssh \
+      && {repo.git} push origin main
+    """)
+
+    # fetch the repo via nix
+    fetched1 = client.succeed("""
+      nix eval --impure --raw --expr '
+        (builtins.fetchGit {
+          url = "ssh://gitea/root/simple-ssh";
+        }).outPath
+      '
+    """)
+
+    # check if the committed file is there
+    client.succeed(f"""
+      test -f {fetched1}/thailand
+    """)
+
+    # check if the revision is the same
+    rev1_fetched = client.succeed("""
+      nix eval --impure --raw --expr '
+        (builtins.fetchGit {
+          url = "ssh://gitea/root/simple-ssh";
+        }).rev
+      '
+    """).strip()
+    assert rev1 == rev1_fetched
+  '';
+}
diff --git a/tests/nixos/fetch-git/testsupport/gitea.nix b/tests/nixos/fetch-git/testsupport/gitea.nix
index d2bd622e4c23..2ea23961e7e6 100644
--- a/tests/nixos/fetch-git/testsupport/gitea.nix
+++ b/tests/nixos/fetch-git/testsupport/gitea.nix
@@ -1,4 +1,18 @@
-{ lib, nixpkgs, system, ... }: {
+{ lib, nixpkgs, system, pkgs, ... }: let
+  clientPrivateKey = pkgs.writeText "id_ed25519" ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
+    VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
+    AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
+    Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+
+  clientPublicKey =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB";
+
+in {
   imports = [
     ../testsupport/setup.nix
   ];
@@ -8,8 +22,11 @@
       services.gitea.settings.service.DISABLE_REGISTRATION = true;
       services.gitea.settings.log.LEVEL = "Info";
       services.gitea.settings.database.LOG_SQL = false;
+      services.openssh.enable = true;
       networking.firewall.allowedTCPPorts = [ 3000 ];
-      environment.systemPackages = [ pkgs.gitea ];
+      environment.systemPackages = [ pkgs.git pkgs.gitea ];
+
+      users.users.root.openssh.authorizedKeys.keys = [clientPublicKey];
 
       # TODO: remove this after updating to nixos-23.11
       nixpkgs.pkgs = lib.mkForce (import nixpkgs {
@@ -59,5 +76,25 @@
       git config --global gc.autodetach 0
       git config --global gc.auto 0
     """)
+
+    # add client's private key to ~/.ssh
+    client.succeed("""
+      mkdir -p ~/.ssh
+      chmod 700 ~/.ssh
+      cat ${clientPrivateKey} >~/.ssh/id_ed25519
+      chmod 600 ~/.ssh/id_ed25519
+    """)
+
+    client.succeed("""
+      echo "Host gitea" >>~/.ssh/config
+      echo "  StrictHostKeyChecking no" >>~/.ssh/config
+      echo "  UserKnownHostsFile /dev/null" >>~/.ssh/config
+      echo "  User root" >>~/.ssh/config
+    """)
+
+    # ensure ssh from client to gitea works
+    client.succeed("""
+      ssh root@gitea true
+    """)
   '';
 }