diff --git a/management/server/peer.go b/management/server/peer.go
index 6c4c2d100..bfa20bae2 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -202,7 +202,8 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user
 		return nil, err
 	}
 
-	if peer.SSHEnabled != update.SSHEnabled {
+	sshEnabledUpdated := peer.SSHEnabled != update.SSHEnabled
+	if sshEnabledUpdated {
 		peer.SSHEnabled = update.SSHEnabled
 		event := activity.PeerSSHEnabled
 		if !update.SSHEnabled {
@@ -275,6 +276,8 @@ func (am *DefaultAccountManager) UpdatePeer(ctx context.Context, accountID, user
 
 	if peerLabelUpdated || requiresPeerUpdates {
 		am.UpdateAccountPeers(ctx, accountID)
+	} else if sshEnabledUpdated {
+		am.UpdateAccountPeer(ctx, account, peer)
 	}
 
 	return peer, nil
@@ -1064,6 +1067,36 @@ func (am *DefaultAccountManager) UpdateAccountPeers(ctx context.Context, account
 	wg.Wait()
 }
 
+// UpdateAccountPeer updates a single peer that belongs to an account.
+// Should be called when changes need to be synced to a specific peer only.
+func (am *DefaultAccountManager) UpdateAccountPeer(ctx context.Context, account *types.Account, peer *nbpeer.Peer) {
+	if !am.peersUpdateManager.HasChannel(peer.ID) {
+		log.WithContext(ctx).Tracef("peer %s doesn't have a channel, skipping network map update", peer.ID)
+		return
+	}
+
+	approvedPeersMap, err := am.GetValidatedPeers(account)
+	if err != nil {
+		log.WithContext(ctx).Errorf("failed to send update to peer %s, failed to validate peers: %v", peer.ID, err)
+		return
+	}
+
+	dnsCache := &DNSConfigCache{}
+	customZone := account.GetPeersCustomZone(ctx, am.dnsDomain)
+	resourcePolicies := account.GetResourcePoliciesMap()
+	routers := account.GetResourceRoutersMap()
+
+	postureChecks, err := am.getPeerPostureChecks(account, peer.ID)
+	if err != nil {
+		log.WithContext(ctx).Errorf("failed to send update to peer %s, failed to get posture checks: %v", peer.ID, err)
+		return
+	}
+
+	remotePeerNetworkMap := account.GetPeerNetworkMap(ctx, peer.ID, customZone, approvedPeersMap, resourcePolicies, routers, am.metrics.AccountManagerMetrics())
+	update := toSyncResponse(ctx, nil, peer, nil, nil, remotePeerNetworkMap, am.GetDNSDomain(), postureChecks, dnsCache, account.Settings.RoutingPeerDNSResolutionEnabled)
+	am.peersUpdateManager.SendUpdate(ctx, peer.ID, &UpdateMessage{Update: update, NetworkMap: remotePeerNetworkMap})
+}
+
 func ConvertSliceToMap(existingLabels []string) map[string]struct{} {
 	labelMap := make(map[string]struct{}, len(existingLabels))
 	for _, label := range existingLabels {