diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index 634eeec..c295cba 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -1,7 +1,7 @@
 {inputs, ... }:
 let
 userName = "john";
- sshHostPubKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNug18oLH0vZxnibXJzMJvTWFPZTnSlhCDDVi+rHhgnIum6ZXQ4SF+VHOOAM5BbzZmMKitNJ5lcrGP15Eur7DzQ=";
+ sshHostCAPubKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNug18oLH0vZxnibXJzMJvTWFPZTnSlhCDDVi+rHhgnIum6ZXQ4SF+VHOOAM5BbzZmMKitNJ5lcrGP15Eur7DzQ=";
 in
 {
 flake.modules.nixos.ssh = { pkgs, config, lib, ... }:
@@ -43,7 +43,7 @@ in
 programs.ssh.knownHosts = lib.mkIf cfg.certificates.enable {
 "192.168.1.*" = {
 certAuthority = true;
- publicKey = sshHostPubKey;
+ publicKey = sshHostCAPubKey;
 };
 };
 };
@@ -106,7 +106,9 @@ in
 text = lib.concatStringsSep "\n" (
 [
 "fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
- ] ++ (lib.optional cfg.certificates.enable "@cert-authority 192.168.1.* ${sshHostPubKey}")
+ ]
+ ++ (lib.optional cfg.certificates.enable "@cert-authority 192.168.1.* ${sshHostCAPubKey}")
+ ++ (lib.optional cfg.certificates.enable "@cert-authority *.john-stream.com ${sshHostCAPubKey}")
 );
 };
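Review bot: The last added `++` line in the third hunk extends host-CA trust for `sshHostCAPubKey` to every name under `*.john-stream.com`, but the `programs.ssh.knownHosts` declaration in the second hunk still lists only `"192.168.1.*"` as a `certAuthority`, so the two trust declarations now diverge; if they are meant to express the same trust, add a matching `"*.john-stream.com" = { certAuthority = true; publicKey = sshHostCAPubKey; };` entry there or generate this text from one shared list of patterns. Since both new lines are gated on the same `cfg.certificates.enable`, they can also be a single known_hosts entry with comma-separated patterns, `++ (lib.optional cfg.certificates.enable "@cert-authority 192.168.1.*,*.john-stream.com ${sshHostCAPubKey}")`, which keeps the CA's scope readable in one place. A short comment above the let binding in the first hunk would help too, e.g. `# Public key of the host CA that signs host certificates for 192.168.1.* and *.john-stream.com; not a host key.`, since the old name shows the two were already confused once. The attribute set that `text` belongs to begins before this hunk, so I could not check whether the generated file is the same `/etc/ssh/ssh_known_hosts` that `programs.ssh.knownHosts` manages.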