diff --git a/clanModules/sshd/roles/client.nix b/clanModules/sshd/roles/client.nix
index 777363f14..bdd61dbe9 100644
--- a/clanModules/sshd/roles/client.nix
+++ b/clanModules/sshd/roles/client.nix
@@ -3,9 +3,4 @@
   imports = [
     ../shared.nix
   ];
-  programs.ssh.knownHosts.ssh-ca = lib.mkIf (config.clan.sshd.certificate.searchDomains != [ ]) {
-    certAuthority = true;
-    extraHostNames = builtins.map (domain: "*.${domain}") config.clan.sshd.certificate.searchDomains;
-    publicKey = config.clan.core.vars.generators.openssh-ca.files."id_ed25519.pub".value;
-  };
 }
diff --git a/clanModules/sshd/shared.nix b/clanModules/sshd/shared.nix
index 768a54988..713ae1c7f 100644
--- a/clanModules/sshd/shared.nix
+++ b/clanModules/sshd/shared.nix
@@ -39,5 +39,11 @@
             ssh-keygen -t ed25519 -N "" -f $out/id_ed25519
           '';
         };
+
+    programs.ssh.knownHosts.ssh-ca = lib.mkIf (config.clan.sshd.certificate.searchDomains != [ ]) {
+      certAuthority = true;
+      extraHostNames = builtins.map (domain: "*.${domain}") config.clan.sshd.certificate.searchDomains;
+      publicKey = config.clan.core.vars.generators.openssh-ca.files."id_ed25519.pub".value;
+    };
   };
 }