diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 9b5039a3d5583c06bf9de1a876b27bc45c58ce90..8b0127be1544e8999748c69b4d626e7b7fc0fe47 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -493,6 +493,7 @@ enable_neutron_segments: "no"
 enable_neutron_sfc: "no"
 enable_neutron_infoblox_ipam_agent: "no"
 enable_nova_serialconsole_proxy: "no"
+enable_nova_ssh: "yes"
 enable_octavia: "no"
 enable_opendaylight: "no"
 enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 40113eddeac74ce02de715040f846d43492b5474..689c1bef8a70169671049bf05db1a8aa1291905a 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -26,7 +26,7 @@ nova_services:
     container_name: "nova_ssh"
     group: "compute"
     image: "{{ nova_ssh_image_full }}"
-    enabled: True
+    enabled: "{{ enable_nova_ssh | bool }}"
     volumes:
       - "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro"
       - "/etc/localtime:/etc/localtime:ro"
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 8f091b6406412e28dd2be51440a6d930526bf810..49b927291d3477cef4c64cdd1993531049e4147f 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -247,6 +247,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_neutron_sfc: "no"
 #enable_nova_fake: "no"
 #enable_nova_serialconsole_proxy: "no"
+#enable_nova_ssh: "yes"
 #enable_octavia: "no"
 #enable_opendaylight: "no"
 #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
diff --git a/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f535787214fc24b640a76c444d29f974ca6c927e
--- /dev/null
+++ b/releasenotes/notes/allow-disabling-nova-ssh-51028805f163e5a2.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add a configuration option `enable_nova_ssh` to allow disabling the
+    service. This is useful when an operator is not supporting cold-migration
+    and does not want to manage additional SSH keys.