diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 00f2a00..1ee4f48 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,6 +1,5 @@
-borg_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM root@max"
-dataserver_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D root@lewis"
-user_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRBrKmIKP5BFhLSdntatIgSC0R/D9EEZlak5Yt0DfUe root@lewis"
+borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
+dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
 kingston1tb_mount_point: "/mnt/kingston1TB"
 kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"
 backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
diff --git a/roles/borg/tasks/main.yml b/roles/borg/tasks/main.yml
index 55a3c8c..ff4c687 100644
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
@@ -14,7 +14,7 @@
 name: borgbackup
 - name: Add Borg public key
 authorized_key:
- key: "{{ borg_public_key }}"
+ key: "ssh-ed25519 {{ borg_public_key }} root@max"
 user: "{{ ansible_user_id }}"
 - name: Create Borg repository
 command:
diff --git a/roles/system/files/ssh.conf b/roles/system/files/ssh.conf
deleted file mode 100644
index 9a26c53..0000000
--- a/roles/system/files/ssh.conf
+++ /dev/null
@@ -1 +0,0 @@
-CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub
diff --git a/roles/system/files/ssh_user_ed25519_key b/roles/system/files/ssh_user_ed25519_key
deleted file mode 100644
index 97b033f..0000000
--- a/roles/system/files/ssh_user_ed25519_key
+++ /dev/null
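Review bot: The two keys that remain in all.yml now hold only the base64 key body, while the `ssh-ed25519` type and the `root@max` / `root@lewis` comments are reassembled separately in roles/borg/tasks/main.yml and in the new roles/system/templates/ssh_host_ed25519_key.pub.j2; nothing on the variable records which key type it carries, so rotating either key to a different algorithm would silently yield a malformed key line in both consumers. A comment above the two entries would make the contract explicit, e.g. `# Base64 key body only (no "ssh-ed25519" prefix, no comment); each consumer prepends the type itself.` The same point applies to the borg task hunk and the template hunk in this diff, so it is raised once here.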
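Review bot: The rebuilt `key:` line authorizes the Borg client key for the user with no options, so the key is accepted for an unrestricted login rather than only for `borg serve`. The `authorized_key` module's `key_options` parameter can confine it, e.g. `key_options: 'command="borg serve --restrict-to-path <REPO_PATH placeholder>",restrict'`, with the path taken from the "Create Borg repository" task that follows, whose body lies outside the hunk. Note also that the trailing `root@max` is only a comment and is not checked by sshd, so it documents provenance but restricts nothing.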
@@ -1,25 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35346438336463383831313235653538373964643631303961373865643332623636383161333934
-3531363564313239623935343032376535333962336336350a666439303639363735626562323530
-39613366343331643331663434303531613230373934376537646665633630356462333932613537
-3465383636323934300a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
diff --git a/roles/system/tasks/main.yml b/roles/system/tasks/main.yml
index 1fc7d1f..c7c4d30 100644
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@@ -4,41 +4,12 @@
 user: "{{ ansible_user_id }}"
 loop: "{{ admin_public_keys }}"
 - name: Copy host public key
- copy:
+ template:
+ src: "{{ role_path }}/templates/ssh_host_ed25519_key.pub.j2"
 dest: "/etc/ssh/ssh_host_ed25519_key.pub"
- content: "{{ dataserver_public_key }}"
 mode: 0644
 - name: Copy host private key
 copy:
 src: "{{ role_path }}/files/ssh_host_ed25519_key"
 dest: "/etc/ssh/ssh_host_ed25519_key"
 mode: 0600
-- name: Copy user public key
- copy:
- dest: "/etc/ssh/ssh_user_ed25519_key.pub"
- content: "{{ user_public_key }}"
- mode: 0644
-- name: Copy user private key
- copy:
- src: "{{ role_path }}/files/ssh_user_ed25519_key"
- dest: "/etc/ssh/ssh_user_ed25519_key"
- mode: 0600
-- name: Copy ssh config
- copy:
- src: "{{ role_path }}/files/ssh.conf"
- dest: "/etc/ssh/ssh_config.d/custom.conf"
-- name: Check certificate existance
- stat:
- path: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
- register: cert_stat
-- name: Generate user certificate
- command:
- cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'"
- register: cert
- delegate_to: localhost
- when: not cert_stat.stat.exists
-- name: Place user certificate
- copy:
- dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
- content: "{{ cert.stdout }}"
- when: not cert_stat.stat.exists
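Review bot: Dropping the user-key, ssh config and certificate tasks leaves everything they previously deployed in place on already-provisioned hosts, so `/etc/ssh/ssh_user_ed25519_key`, its `.pub`, the `-cert.pub` and `/etc/ssh/ssh_config.d/custom.conf` (which still names that certificate) persist as unmanaged state, and the role no longer converges on the intended layout. The private key file deleted elsewhere in this diff also stays recoverable from git history, so deleting it from the tree does not by itself retire the key. An explicit removal task appended after the host-key tasks closes the gap on existing hosts and is a no-op on fresh ones.

```yaml
# … unchanged: Copy host public key / Copy host private key tasks …
- name: Remove retired user key, certificate and ssh config
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - "/etc/ssh/ssh_user_ed25519_key"
    - "/etc/ssh/ssh_user_ed25519_key.pub"
    - "/etc/ssh/ssh_user_ed25519_key-cert.pub"
    - "/etc/ssh/ssh_config.d/custom.conf"
```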
diff --git a/roles/system/templates/ssh_host_ed25519_key.pub.j2 b/roles/system/templates/ssh_host_ed25519_key.pub.j2
new file mode 100644
index 0000000..08b6b21
--- /dev/null
+++ b/roles/system/templates/ssh_host_ed25519_key.pub.j2
@@ -0,0 +1 @@
+ssh-ed25519 {{ dataserver_public_key }} root@lewis