diff --git a/docs/changelog-fragments/782.contrib.rst b/docs/changelog-fragments/782.contrib.rst
new file mode 100644
index 000000000..0b4a9702b
--- /dev/null
+++ b/docs/changelog-fragments/782.contrib.rst
@@ -0,0 +1,4 @@
+The SSHD start probe client command is now shielded from external
+environmnent and will no longer attempt using an SSH agent on the
+machine where the tests are involved, nor will it use alternative
+authentication methods -- by :user:`webknjaz`.
diff --git a/tests/_service_utils.py b/tests/_service_utils.py
index f18d0f1e3..63e54e984 100644
--- a/tests/_service_utils.py
+++ b/tests/_service_utils.py
@@ -44,11 +44,17 @@ def wait_for_svc_ready_state(
     """
     cmd = [
         '/usr/bin/ssh',
-        f'-l{getpass.getuser()!s}',
-        f'-i{clientkey_path!s}',
-        f'-p{port!s}',
-        '-oUserKnownHostsFile=/dev/null',
+        '-F/dev/null',  # or -Fnone
+        '-oConnectTimeout=1',
+        '-oIdentitiesOnly=yes',
+        '-oIdentityAgent=/dev/null',
+        f'-oIdentityFile={clientkey_path!s}',
+        '-oPasswordAuthentication=no',
+        f'-oPort={port!s}',
+        '-oPreferredAuthentications=publickey',
         '-oStrictHostKeyChecking=no',
+        f'-oUser={getpass.getuser()!s}',
+        '-oUserKnownHostsFile=/dev/null',
         host,
         '--',
         'exit 0',