diff --git a/home/ssh/default.nix b/home/ssh/default.nix
index bf1f84d..e9fd834 100644
--- a/home/ssh/default.nix
+++ b/home/ssh/default.nix
@@ -2,6 +2,7 @@
 
 {
   home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub;
+  home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub;
   programs.ssh = {
     enable = true;
     matchBlocks = {
@@ -21,6 +22,7 @@
       "narwhal" = {
         identitiesOnly = true;
         identityFile = "~/.ssh/id_rsa_yubikey.pub";
+        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
         forwardAgent = true;
         port = 22;
       };
@@ -28,6 +30,7 @@
       "trantor" = {
         identitiesOnly = true;
         identityFile = "~/.ssh/id_rsa_yubikey.pub";
+        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
         forwardAgent = true;
         port = 22;
       };
@@ -35,6 +38,7 @@
       "axolotl" = {
         identitiesOnly = true;
         identityFile = "~/.ssh/id_rsa_yubikey.pub";
+        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
         forwardAgent = true;
         port = 22;
       };
@@ -42,6 +46,7 @@
       "caladan" = {
         identitiesOnly = true;
         identityFile = "~/.ssh/id_rsa_yubikey.pub";
+        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
         forwardAgent = true;
         port = 22;
       };
@@ -49,6 +54,7 @@
       "fugu" = {
         identitiesOnly = true;
         identityFile = "~/.ssh/id_rsa_yubikey.pub";
+        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
         forwardAgent = true;
         port = 22;
       };