diff --git a/cli/agent/systemauth/systemauth.go b/cli/agent/systemauth/systemauth.go
index c8884e2..0f2964e 100644
--- a/cli/agent/systemauth/systemauth.go
+++ b/cli/agent/systemauth/systemauth.go
@@ -56,8 +56,11 @@ func (s *SessionStore) CreateSession(pid int, parentpid int, grandparentpid int,
 func (s *SessionStore) verifySession(ctx sockets.CallingContext, sessionType SessionType) bool {
 	for _, session := range s.Store {
 		if session.sessionType == sessionType {
-			if session.Expires.After(time.Now()) {
-				return true
+			// only check for ancestor if the session is not a ssh session
+			if sessionType == SSHKey || (session.ParentPid == ctx.ParentProcessPid && session.GrandParentPid == ctx.GrandParentProcessPid) {
+				if session.Expires.After(time.Now()) {
+					return true
+				}
 			}
 		}
 	}