diff --git a/Library/Homebrew/brew.sh b/Library/Homebrew/brew.sh
index cbe08846a2..a6e123a620 100644
--- a/Library/Homebrew/brew.sh
+++ b/Library/Homebrew/brew.sh
@@ -396,8 +396,25 @@ setup_git() {
   fi
 }
 
+setup_ssh() {
+  # This is set by the user environment.
+  # shellcheck disable=SC2154
+  HOMEBREW_BREWED_SSH_PATH="${HOMEBREW_PREFIX}/opt/openssh/bin/ssh"
+  if [[ -n "${HOMEBREW_FORCE_BREWED_SSH}" && -x "${HOMEBREW_BREWED_SSH_PATH}" ]] &&
+     "${HOMEBREW_BREWED_SSH_PATH}" -V &>/dev/null
+  then
+    HOMEBREW_SSH="${HOMEBREW_BREWED_SSH_PATH}"
+  elif [[ -n "${HOMEBREW_SSH_PATH}" ]]
+  then
+    HOMEBREW_SSH="${HOMEBREW_SSH_PATH}"
+  else
+    HOMEBREW_SSH="ssh"
+  fi
+}
+
 setup_curl
 setup_git
+setup_ssh
 
 HOMEBREW_VERSION="$("${HOMEBREW_GIT}" -C "${HOMEBREW_REPOSITORY}" describe --tags --dirty --abbrev=7 2>/dev/null)"
 HOMEBREW_USER_AGENT_VERSION="${HOMEBREW_VERSION}"
@@ -795,7 +812,9 @@ setup-analytics
 # Use this configuration file instead of ~/.ssh/config when fetching git over SSH.
 if [[ -n "${HOMEBREW_SSH_CONFIG_PATH}" ]]
 then
-  export GIT_SSH_COMMAND="ssh -F${HOMEBREW_SSH_CONFIG_PATH}"
+  export GIT_SSH_COMMAND="${HOMEBREW_SSH} -F${HOMEBREW_SSH_CONFIG_PATH}"
+else
+  export GIT_SSH_COMMAND="${HOMEBREW_SSH}"
 fi
 
 if [[ -n "${HOMEBREW_DOCKER_REGISTRY_TOKEN}" ]]
diff --git a/bin/brew b/bin/brew
index 4c06f135a0..1bd34f63d2 100755
--- a/bin/brew
+++ b/bin/brew
@@ -121,6 +121,7 @@ then
     http_proxy https_proxy ftp_proxy no_proxy all_proxy HTTPS_PROXY FTP_PROXY ALL_PROXY
     GITHUB_ACTIONS GITHUB_WORKSPACE GITHUB_ACTIONS_HOMEBREW_SELF_HOSTED
     GITHUB_REPOSITORY GITHUB_RUN_ID GITHUB_SHA GITHUB_HEAD_REF GITHUB_BASE_REF GITHUB_REF
+    GIT_SSH
     # TODO: remove the below after a few days
     GITHUB_ACTIONS_HOMEBREW_MACOS_SELF_HOSTED
   )
diff --git a/docs/Manpage.md b/docs/Manpage.md
index 0b90444e43..22db08fa59 100644
--- a/docs/Manpage.md
+++ b/docs/Manpage.md
@@ -2058,6 +2058,9 @@ example, run `export HOMEBREW_NO_INSECURE_REDIRECT=1` rather than just
 - `HOMEBREW_FORCE_BREWED_GIT`
   <br>If set, always use a Homebrew-installed `git`(1) rather than the system version. Automatically set if the system version of `git` is too old.
 
+- `HOMEBREW_FORCE_BREWED_SSH`
+  <br>If set, always use a Homebrew-installed `openssh`(1) rather than the system version.
+
 - `HOMEBREW_FORCE_VENDOR_RUBY`
   <br>If set, always use Homebrew's vendored, relocatable Ruby version even if the system version of Ruby is new enough.
 
@@ -2170,6 +2173,11 @@ example, run `export HOMEBREW_NO_INSECURE_REDIRECT=1` rather than just
 
   *Default:* `$HOME/.ssh/config`
 
+- `HOMEBREW_SSH_PATH`
+  <br>Set this value to a new enough `ssh` executable for Homebrew to use.
+
+  *Default:* `ssh`.
+
 - `HOMEBREW_SKIP_OR_LATER_BOTTLES`
   <br>If set along with `HOMEBREW_DEVELOPER`, do not use bottles from older versions of macOS. This is useful in development on new macOS versions.