diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index 33d71cd..a196063 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -4,4 +4,4 @@ all:
 hosts:
 lewis:
 ansible_user: root
- ansible_host: lewis.dmz
+ ansible_host: lewis.lan
diff --git a/roles/system/files/ssh.conf b/roles/system/files/ssh.conf
index 9a26c53..4a0bccc 100644
--- a/roles/system/files/ssh.conf
+++ b/roles/system/files/ssh.conf
@@ -1 +1,2 @@
 CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub
+IdentityFile /etc/ssh/ssh_user_ed25519_key
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index 1fc7d1f..93ff9d8 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -33,7 +33,7 @@
 register: cert_stat
 - name: Generate user certificate
 command:
- cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'"
+ cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.lan \"backup\"'"
 register: cert
 delegate_to: localhost
 when: not cert_stat.stat.exists
@@ -41,4 +41,5 @@
 copy:
 dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
 content: "{{ cert.stdout }}"
+ mode: 0600
 when: not cert_stat.stat.exists
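Review bot: The added `IdentityFile` line names a private key under /etc/ssh, but nothing in this diff shows that key being provisioned, or its owner and mode; the copy task in roles/system/tasks/main.yml only writes the matching certificate. Because a `CertificateFile` is only usable together with the private key it was issued for, a comment above the directive would save the next maintainer a search, e.g. `# private half of the key whose certificate is written by roles/system/tasks/main.yml; keep it root-owned and 0600`. If this file is installed as system-wide client config, every user it applies to must be able to read both the key and the certificate, so note in the same comment whether only root is meant to use it.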
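Review bot: The principal `lewis.lan` in the `cmd:` line is now a second hardcoded copy of the value that inventory/hosts.yml sets as `ansible_host`, so the two can drift again on the next rename; replace the literal with `{{ ansible_host }}` (or `{{ inventory_hostname }}` if that is the intended principal) so the issued certificate always matches the inventory. `{{ user_public_key }}` is expanded inside a double-quoted argument of the command hermes' shell runs, so a value containing `"`, `$` or a backtick would be interpreted there; if that variable can come from anywhere other than this repository, an `ansible.builtin.assert` that it matches `'^ssh-ed25519 [A-Za-z0-9+/=]+( .*)?$'` before this task rules that out. The `when: not cert_stat.stat.exists` guard also means a certificate that has expired is never re-issued, so consider testing validity rather than only presence. The task list continues outside the hunk.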
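Review bot: `mode: 0600` is an unquoted scalar: Ansible's YAML 1.1 loader reads it as octal and it works today, but a YAML 1.2 loader or a reformatter reads `0600` as decimal 600 and the resulting permissions are not what was intended, so write it as a string, `mode: "0600"`, as the copy module's documentation recommends. The file written here is the public certificate (`-cert.pub`), so 0600 adds no secrecy and only makes the certificate unreadable to any non-root user the system-wide ssh.conf applies to; the private key named by the new `IdentityFile` line in roles/system/files/ssh.conf is the file that needs the restrictive mode, and its permissions are not set anywhere in this diff. If non-root users are meant to use the certificate, `mode: "0644"` with `owner: root` fits here, with a separate task enforcing `"0600"` on the key.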