diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset b/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
index 493434d54..dcabbedd9 100644
--- a/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
+++ b/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
@@ -10,4 +10,3 @@ enable measurements.service
 enable export_constellation_debug.service
 enable systemd-timesyncd
 enable udev-trigger.service
-enable create-host-ssh-key.service
diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
deleted file mode 100644
index 28a0862e7..000000000
--- a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Create a host SSH key
-Before=network-pre.target
-
-[Service]
-Type=oneshot
-ExecStart=/bin/bash -c "mkdir -p /run/ssh; ssh-keygen -t ecdsa -q -N '' -f /run/ssh/ssh_host_ecdsa_key"
-
-[Install]
-WantedBy=network-pre.target
diff --git a/image/sysroot-tree/etc/ssh/sshd_config b/image/sysroot-tree/etc/ssh/sshd_config
index dec4fd51d..c327701a6 100644
--- a/image/sysroot-tree/etc/ssh/sshd_config
+++ b/image/sysroot-tree/etc/ssh/sshd_config
@@ -1,4 +1,5 @@
 HostKey /run/ssh/ssh_host_ecdsa_key
+HostCertificate /run/ssh/ssh_host_cert.pub
 TrustedUserCAKeys /run/ssh/ssh_ca.pub
 PasswordAuthentication no
 ChallengeResponseAuthentication no